
Computer randomly shuts off and icons switch unexpectedly


12 replies to this topic

#1 AzueroGeoffrey


Posted 21 January 2014 - 02:16 PM

My HP Pavilion Elite HPE will shut off and restart on its own. Also, icons are being switched around, i.e., the Excel icon shows up for Word documents and vice versa. There are no messages associated with this action.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Administrator at 14:08:34 on 2014-01-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16367.13525 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplayTray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Users\Carlos\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com?pc=HPDTDF
uDefault_Page_URL = hxxp://www.bing.com?pc=HPDTDF
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carlos\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORM~1.LNK - C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplayTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\XRGamma.lnk - C:\Program Files (x86)\X-Rite\ColorMunki Display\XRGamma.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 10.158.45.165
TCP: Interfaces\{A8099378-591A-4962-B8FC-5BB0763AA29B} : DHCPNameServer = 200.3.200.5 200.3.200.6
TCP: Interfaces\{B28B9E48-5276-494E-A28B-574FDFC211A8} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E53BBCEF-859E-4498-8309-8FF941294C32} : DHCPNameServer = 10.158.45.165
TCP: Interfaces\{E53BBCEF-859E-4498-8309-8FF941294C32}\1454057796669623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E53BBCEF-859E-4498-8309-8FF941294C32}\94E6475627E656470516271645F646F637C2 : DHCPNameServer = 201.221.253.254 201.221.253.252
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e5ufvrf0.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-19 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-19 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [2014-1-13 1526488]
R1 bizVSerial;Franson VSerial;C:\Windows\System32\drivers\bizVSerialNT.sys [2011-8-8 25616]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-19 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140118.001\IDSviA64.sys [2014-1-20 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-19 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-19 590936]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-18 89600]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-6 1500424]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-2-11 21992]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2012-10-4 230240]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-11-19 264360]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-7-26 230416]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-18 1121304]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-18 2655768]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\DDCDrv.sys [2011-10-7 20832]
R2 xrdd.exe;X-Rite Device Services Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [2011-3-10 203088]
R3 CamSuiteVAC;CamSuite Virtual Audio;C:\Windows\System32\drivers\CamSuiteVAC.sys [2011-6-14 56320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-23 137648]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-1-18 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-1-18 180224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2013-5-5 38080]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-5-5 103064]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;C:\Program Files (x86)\Franson\GpsGate 2.0\GpsGateService.exe [2011-6-27 258048]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-5 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-30 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-5-5 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-5-5 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-5-5 188232]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-5-5 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-30 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-11 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-01-21 18:56:18    --------    d-----w-    C:\Program Files (x86)\SpeedFan
2014-01-20 21:40:44    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-20 20:23:54    --------    d-----r-    C:\Users\Administrator\Dropbox
2014-01-17 17:58:38    --------    d-----w-    C:\Users\Administrator\AppData\Local\Programs
2014-01-17 17:10:16    --------    d-----w-    C:\Users\Administrator\AppData\Local\Macromedia
2014-01-15 02:38:51    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 02:38:51    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 02:38:51    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 02:38:51    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-15 02:38:51    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 02:38:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 02:38:51    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 02:38:51    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 02:38:51    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-06 19:23:36    4558848    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
.
==================== Find3M  ====================
.
2013-12-11 02:22:27    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 02:22:27    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 08:02:06    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-26 08:02:06    194048    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-20 02:30:08    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 14:09:10.00 ===============
 


 


#2 HelpBot


Posted 26 January 2014 - 02:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521589 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 AzueroGeoffrey


Posted 27 January 2014 - 11:06 AM

My HP Pavilion Elite HPE will shut off and restart on its own. Also, icons are being switched around, i.e., the Excel icon shows up for Word documents and vice versa. There are no messages associated with this action. I do not have my original Windows CD/DVD available, though I will continue looking for it.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Carlos at 11:01:49 on 2014-01-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16367.11312 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplayTray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Users\Carlos\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\dnrgps\dnrgps.exe
C:\Windows\splwow64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ArcGIS\Desktop10.0\Bin\ArcMap.exe
C:\Program Files (x86)\ArcGIS\Desktop10.0\bin\AppROT.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com?pc=hpdtdf
uDefault_Page_URL = hxxp://www.bing.com?pc=HPDTDF
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Carlos\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carlos\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORM~1.LNK - C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplayTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\XRGamma.lnk - C:\Program Files (x86)\X-Rite\ColorMunki Display\XRGamma.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 10.158.45.165
TCP: Interfaces\{A8099378-591A-4962-B8FC-5BB0763AA29B} : DHCPNameServer = 200.3.200.5 200.3.200.6
TCP: Interfaces\{B28B9E48-5276-494E-A28B-574FDFC211A8} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E53BBCEF-859E-4498-8309-8FF941294C32} : DHCPNameServer = 10.158.45.165
TCP: Interfaces\{E53BBCEF-859E-4498-8309-8FF941294C32}\1454057796669623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E53BBCEF-859E-4498-8309-8FF941294C32}\94E6475627E656470516271645F646F637C2 : DHCPNameServer = 201.221.253.254 201.221.253.252
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-19 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-19 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R1 bizVSerial;Franson VSerial;C:\Windows\System32\drivers\bizVSerialNT.sys [2011-8-8 25616]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-19 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140124.001\IDSviA64.sys [2014-1-24 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-19 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-19 590936]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-18 89600]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-6 1500424]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-2-11 21992]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2012-10-4 230240]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-11-19 264360]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-7-26 230416]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-18 1121304]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-27 5341536]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-18 2655768]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\DDCDrv.sys [2011-10-7 20832]
R2 xrdd.exe;X-Rite Device Services Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [2011-3-10 203088]
R3 CamSuiteVAC;CamSuite Virtual Audio;C:\Windows\System32\drivers\CamSuiteVAC.sys [2011-6-14 56320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-23 137648]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-1-18 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-1-18 180224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2013-5-5 38080]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-5-5 103064]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;C:\Program Files (x86)\Franson\GpsGate 2.0\GpsGateService.exe [2011-6-27 258048]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-5 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-30 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-5-5 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-5-5 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-5-5 188232]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-5-5 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-30 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-11 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-01-27 15:08:25 -------- d-----w- C:\Users\Carlos\AppData\Roaming\TeamViewer
2014-01-27 14:31:50 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-01-24 16:25:33 -------- d-----w- C:\Users\Carlos\AppData\Roaming\Map Maker
2014-01-21 18:56:18 -------- d-----w- C:\Program Files (x86)\SpeedFan
2014-01-20 21:40:44 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 02:38:51 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 02:38:51 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 02:38:51 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 02:38:51 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-15 02:38:51 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 02:38:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 02:38:51 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 02:38:51 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 02:38:51 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
==================== Find3M  ====================
.
2013-12-11 02:22:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 02:22:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 08:02:06 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-26 08:02:06 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-20 02:30:08 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 11:02:10.04 ===============

 




#4 1972vet

  • Malware Response Team

Posted 03 February 2014 - 11:14 AM

Greetings AzueroGeoffrey and Welcome to the forums,

 

I'm looking over this thread and the logs you've provided and will have some suggestions/questions for you in a short while. Thanks very much for your patience!


Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#5 1972vet


Posted 03 February 2014 - 11:54 AM

OK, my questions are:
1) When was the last time you performed a disk check of that system?
2) Do you use Dropbox?
3) Why do you have both Microsoft Office AND LibreOffice installed?

4) When your system shuts off randomly, does it immediately reboot or does it just shut down entirely?

 

Now...just having glanced over your logs, I do see some outdated software that needs to go. Please uninstall these:
Java 7 Update 9
Java SE Development Kit 7 Update 9
Java 6 Update 22
Java SE Development Kit 7 Update 3
JavaFX 2.0.3 SDK (64-bit)

...what Java installations you have remaining are sufficiently up to date. On your next reply, please answer my few questions above and we'll continue at that point. Thanks!




#6 AzueroGeoffrey


Posted 03 February 2014 - 03:55 PM

1972vet thanks for your help. I have responded to your questions below in blue.

 

 

1) When was the last time you performed a disk check of that system? Approximately 2 weeks ago
2) Do you use Dropbox? Yes
3) Why do you have both Microsoft Office AND LibreOffice installed? No idea. Was not aware of LibreOffice. This computer has had a number of users in the past. LibreOffice may have been installed prior to Microsoft Office in order to do the Office type computing. If LibreOffice is not necessary I would like to consider getting rid of it. However, if there are files that have been created using LibreOffice and the program is then uninstalled, will those files be affected? Will Microsoft Office be able to open them for editing and saving?

4) When your system shuts off randomly, does it immediately reboot or does it just shut down entirely? Shuts down entirely.

 

Now...just having glanced over your logs, I do see some outdated software that needs to go. Please uninstall these:
Java 7 Update 9 Uninstalled
Java SE Development Kit 7 Update 9 Uninstalled
Java 6 Update 22 Uninstalled
Java SE Development Kit 7 Update 3 Uninstalled
JavaFX 2.0.3 SDK (64-bit) Uninstalled



#7 1972vet


Posted 04 February 2014 - 06:35 AM

Alright, thanks! Now, as to your answer to question #1, can you remember what the results were (i.e. did you receive the system message that "Windows completed the disk check and found no problems")? If not, can you share with us what those results were? If you need guidance as to how you can find the results to that scan, please let us know and instructions will be provided.

As to question #2, using some sort of file storage in the cloud is fine providing you are aware of the security issues that can result. Dropbox for instance has had its share of bad press. If you are addicted to that kind of digital delicacy then reading on might be of some benefit for you:
Using Dropbox to steal files...
5 Dropbox Security Warnings...
Dropbox Responds to Security Flap

Now, as to question #3, first let me explain the "basic" differences between those two pieces of software mentioned...there are none. "Basically", LibreOffice (btw, OpenOffice is considered to be another one equal to these) and MS Office can perform the same tasks. My personal preference is LibreOffice and I have used all 3 in the past for comparison.

My recommendation for you would be to consider first your own personal needs and tastes. That is, if you feel that you are adequately trained in the use of MS Office and "change" is something that bothers you, then I would keep that one but if you are comfortable getting by with using LibreOffice then you might consider the cost differences. LibreOffice is an OpenSource program (and so is OpenOffice) which is free vs. MS Office which can cost hundreds of (U.S.) dollars. Using only one of these is all that is necessary so removing either one would be to your benefit. Any "office" related document would still be opened by either program so you shouldn't worry.

I might add, your issue with the icon seeming to change functionality might resolve itself once you remove one or the other of these.

Now...you mentioned that a "number of other users" have had access to that computer in the past which has me concerned about a couple things. Have you since then, shored up your security so that NONE of those other users can access that system? Have you spent time looking over that system to consider what software might not be of any use to YOU anymore, now that those "other users" are no longer relevant? Is this now a single user system of which you are the owner?

As to your shutdown issue, we will need to troubleshoot further. On your next reply, please address my several other questions above and let us know how old that system is and how much work (and kind) is done weekly...that is, your answer might be something like "five years old, and it's used to compile data using office software and perhaps hundreds of documents are generated weekly"...see what I mean? What I am trying to learn is how much of what you do weekly can be attributed to this issue, or could the issue be one that remains from whatever was done to that system by these "other users". Thanks!




#8 AzueroGeoffrey


Posted 04 February 2014 - 02:43 PM

Alright, thanks! Now, as to your answer to question #1, can you remember what the results were (i.e. did you receive the system message that "Windows completed the disk check and found no problems")? If not, can you share with us what those results were? If you need guidance as to how you can find the results to that scan, please let us know and instructions will be provided.
Yes, please let me know how to find the results of that scan.

Now...you mentioned that a "number of other users" have had access to that computer in the past which has me concerned about a couple things. Have you since then, shored up your security so that NONE of those other users can access that system? Have you spent time looking over that system to consider what software might not be of any use to YOU anymore, now that those "other users" are no longer relevant? Is this now a single user system of which you are the owner?
The computer is a business computer that has had 1 previous user, though others sometimes use the computer as well. We are a very small NGO working in a rural setting and nobody on our team is computer savvy enough to intentionally infect one of our machines, as far as I know.

As to your shutdown issue, we will need to troubleshoot further. On your next reply, please address my several other questions above and let us know how old that system is and how much work (and kind) is done weekly...that is, your answer might be something like "five years old, and it's used to compile data using office software and perhaps hundreds of documents are generated weekly"...see what I mean?
Bought in Jan of 2011, used to produce maybe 50 Word and Excel docs weekly and also utilizes GIS software (ArcGIS) daily.
What I am trying to learn is how much of what you do weekly can be attributed to this issue, or could the issue be one that remains from whatever was done to that system by these "other users". Thanks!
Thank you!



#9 1972vet


Posted 04 February 2014 - 04:14 PM

Click the start globe then type the word event into the "Search programs and files" box. The "Event Viewer" icon should appear at the top of the list returned in the search. Please click on the event viewer icon to open it.

When it opens, find the "Windows Logs" item in the left pane and double click there to expand it. Next, please right-click on the item labeled "Application" and select "Find". When the "find" search box opens, type or copy and paste the following into the "Find what" box, then click the Find Next button:
chkdsk

...your logs relating to your last chkdsk scan should appear. Please find the latest one, copy the data and paste it back here on your next reply.
 
By the way, please let us know if you noticed any difference in your icon switching issue since you've uninstalled one of those office suites. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#10 AzueroGeoffrey


Posted 04 February 2014 - 04:47 PM

Data from the most recent chkdsk (July, 7 2013):

 

- <System>
  <Provider Name="Chkdsk" />
  <EventID Qualifiers="0">26214</EventID>
  <Level>4</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2013-07-17T14:37:39.000000000Z" />
  <EventRecordID>585268</EventRecordID>
  <Channel>Application</Channel>
  <Computer>azueroGIS</Computer>
  <Security />
  </System>
- <EventData>
  <Data>Checking file system on H: Volume label is HP v165w. CHKDSK is verifying files (stage 1 of 3)... 2176 file records processed. File verification completed. 0 large file records processed. 0 bad file records processed. 0 EA records processed. 0 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)... The multi-sector header signature for VCN 0x0 of index $I30 in file 0x4d7 is incorrect. 2d 42 48 0f 0c 37 9c 20 14 04 06 b4 00 21 88 a0 -BH..7 .....!  20 51 8a 02 80 80 80 04 28 1c c0 04 e2 12 09 a1 Q..(...â. ¡ Correcting error in index $I30 for file 1239. The index bitmap $I30 in file 0x4d7 is incorrect. Correcting error in index $I30 for file 1239. The down pointer of current index entry with length 0x80 is invalid. e8 04 00 00 00 00 01 00 80 00 68 00 01 00 00 00 è........h..... d7 04 00 00 00 00 01 00 49 00 c2 ce 91 1a ce 01 ........I...... 00 98 da f1 c2 a1 c6 01 73 bf c4 ce 91 1a ce 01 ..ñ.¡..s...... 49 00 c2 ce 91 1a ce 01 00 c0 11 00 00 00 00 00 I.............. 60 b9 11 00 00 00 00 00 20 00 00 00 00 00 00 00 `....... ....... 13 01 70 00 6d 00 61 00 5f 00 63 00 6d 00 62 00 ..p.m.a._.c.m.b. 5f 00 63 00 61 00 5f 00 6d 00 67 00 5f 00 6b 00 _.c.a._.m.g._.k. 2e 00 73 00 68 00 70 00 ff ff ff ff ff ff ff ff ..s.h.p.ÿÿÿÿÿÿÿÿ ea 04 00 00 00 00 01 00 78 00 5a 00 01 00 00 00 ê.......x.Z..... Sorting index $I30 in file 1239. 2400 index entries processed. Index verification completed. CHKDSK is scanning unindexed files for reconnect to their original directory. Recovering orphaned file log (1240) into directory file 1239. Recovering orphaned file metadata.htm (1241) into directory file 1239. Recovering orphaned file metadata.xml (1242) into directory file 1239. Recovering orphaned file Nivel.cal (1243) into directory file 1239. Recovering orphaned file pma_al.dbf (1244) into directory file 1239. Recovering orphaned file pma_al.prj (1245) into directory file 1239. Recovering orphaned file pma_al.shp (1246) into directory file 1239. 
Recovering orphaned file PMA_AL~1.XML (1247) into directory file 1239. Recovering orphaned file pma_al.shp.xml (1247) into directory file 1239. Recovering orphaned file pma_al.shx (1248) into directory file 1239. Recovering orphaned file pma_ca.dbf (1249) into directory file 1239. Recovering orphaned file pma_ca.prj (1250) into directory file 1239. Recovering orphaned file pma_ca.shp (1251) into directory file 1239. Recovering orphaned file PMA_CA~1.XML (1252) into directory file 1239. Recovering orphaned file pma_ca.shp.xml (1252) into directory file 1239. Recovering orphaned file pma_ca.shx (1253) into directory file 1239. Recovering orphaned file pma_cmb_ca_mg_k.dbf (1254) into directory file 1239. Recovering orphaned file pma_cmb_ca_mg_k.prj (1255) into directory file 1239. CHKDSK is recovering remaining unindexed files. CHKDSK is verifying security descriptors (stage 3 of 3)... The security data stream entry at offset 0x0 with length 0x74701417 crosses the page boundary. The security data stream entry at offset 0x0 with length 0x3e92f6b crosses the page boundary. Repairing the security file record segment. Deleting an index entry with Id 256 from index $SII of file 9. Deleting an index entry with Id 257 from index $SII of file 9. Deleting an index entry with Id 258 from index $SII of file 9. Deleting an index entry with Id 259 from index $SII of file 9. Deleting an index entry with Id 260 from index $SII of file 9. Deleting an index entry with Id 261 from index $SII of file 9. Deleting an index entry with Id 262 from index $SII of file 9. Deleting an index entry with Id 263 from index $SII of file 9. Deleting an index entry with Id 264 from index $SII of file 9. Deleting an index entry with Id 265 from index $SII of file 9. Deleting an index entry with Id 266 from index $SII of file 9. Deleting an index entry with Id 267 from index $SII of file 9. Deleting an index entry with Id 268 from index $SII of file 9. 
Deleting an index entry with Id 269 from index $SII of file 9. Deleting an index entry with Id 270 from index $SII of file 9. Deleting an index entry with Id 271 from index $SII of file 9. Deleting an index entry with Id 272 from index $SII of file 9. Deleting an index entry with Id 273 from index $SII of file 9. Deleting an index entry with Id 274 from index $SII of file 9. Deleting an index entry with Id 275 from index $SII of file 9. Deleting an index entry with Id 276 from index $SII of file 9. Deleting an index entry with Id 277 from index $SII of file 9. Deleting an index entry with Id 278 from index $SII of file 9. Deleting an index entry with Id 279 from index $SII of file 9. Deleting an index entry with Id 280 from index $SII of file 9. Deleting an index entry with Id 281 from index $SII of file 9. Deleting an index entry with Id 282 from index $SII of file 9. Deleting an index entry with Id 283 from index $SII of file 9. Deleting an index entry with Id 284 from index $SII of file 9. Deleting an index entry with Id 285 from index $SII of file 9. Deleting an index entry with Id 286 from index $SII of file 9. Deleting an index entry with Id 287 from index $SII of file 9. Deleting an index entry with Id 288 from index $SII of file 9. Deleting an index entry with Id 289 from index $SII of file 9. Deleting an index entry with Id 290 from index $SII of file 9. Deleting an index entry with Id 291 from index $SII of file 9. Deleting an index entry with Id 292 from index $SII of file 9. Deleting an index entry with Id 293 from index $SII of file 9. Deleting an index entry with Id 294 from index $SII of file 9. Deleting an index entry with Id 295 from index $SII of file 9. Deleting an index entry with Id 296 from index $SII of file 9. Deleting an index entry with Id 297 from index $SII of file 9. Deleting an index entry with Id 298 from index $SII of file 9. Deleting an index entry with Id 299 from index $SII of file 9. 
Deleting an index entry with Id 300 from index $SII of file 9. Deleting an index entry with Id 301 from index $SII of file 9. Deleting an index entry with Id 302 from index $SII of file 9. Deleting an index entry with Id 303 from index $SII of file 9. Deleting an index entry with Id 304 from index $SII of file 9. Deleting an index entry with Id 305 from index $SII of file 9. Deleting an index entry with Id 306 from index $SII of file 9. Deleting an index entry with Id 307 from index $SII of file 9. Deleting an index entry with Id 308 from index $SII of file 9. Deleting an index entry with Id 309 from index $SII of file 9. Deleting an index entry with Id 310 from index $SII of file 9. Deleting an index entry with Id 311 from index $SII of file 9. Deleting an index entry with Id 312 from index $SII of file 9. Deleting an index entry with Id 313 from index $SII of file 9. Deleting an index entry with Id 314 from index $SII of file 9. Deleting an index entry with Id 315 from index $SII of file 9. Deleting an index entry with Id 316 from index $SII of file 9. Deleting an index entry with Id 317 from index $SII of file 9. Deleting an index entry with Id 318 from index $SII of file 9. Deleting an index entry with Id 319 from index $SII of file 9. Deleting an index entry with Id 320 from index $SII of file 9. Deleting an index entry with Id 306 from index $SDH of file 9. Deleting an index entry with Id 260 from index $SDH of file 9. Deleting an index entry with Id 314 from index $SDH of file 9. Deleting an index entry with Id 275 from index $SDH of file 9. Deleting an index entry with Id 263 from index $SDH of file 9. Deleting an index entry with Id 261 from index $SDH of file 9. Deleting an index entry with Id 278 from index $SDH of file 9. Deleting an index entry with Id 281 from index $SDH of file 9. Deleting an index entry with Id 313 from index $SDH of file 9. Deleting an index entry with Id 258 from index $SDH of file 9. 
Deleting an index entry with Id 312 from index $SDH of file 9. Deleting an index entry with Id 311 from index $SDH of file 9. Deleting an index entry with Id 293 from index $SDH of file 9. Deleting an index entry with Id 271 from index $SDH of file 9. Deleting an index entry with Id 303 from index $SDH of file 9. Deleting an index entry with Id 272 from index $SDH of file 9. Deleting an index entry with Id 302 from index $SDH of file 9. Deleting an index entry with Id 290 from index $SDH of file 9. Deleting an index entry with Id 256 from index $SDH of file 9. Deleting an index entry with Id 257 from index $SDH of file 9. Deleting an index entry with Id 273 from index $SDH of file 9. Deleting an index entry with Id 284 from index $SDH of file 9. Deleting an index entry with Id 266 from index $SDH of file 9. Deleting an index entry with Id 262 from index $SDH of file 9. Deleting an index entry with Id 296 from index $SDH of file 9. Deleting an index entry with Id 280 from index $SDH of file 9. Deleting an index entry with Id 259 from index $SDH of file 9. Deleting an index entry with Id 317 from index $SDH of file 9. Deleting an index entry with Id 283 from index $SDH of file 9. Deleting an index entry with Id 268 from index $SDH of file 9. Deleting an index entry with Id 320 from index $SDH of file 9. Deleting an index entry with Id 289 from index $SDH of file 9. Deleting an index entry with Id 300 from index $SDH of file 9. Deleting an index entry with Id 316 from index $SDH of file 9. Deleting an index entry with Id 295 from index $SDH of file 9. Deleting an index entry with Id 279 from index $SDH of file 9. Deleting an index entry with Id 286 from index $SDH of file 9. Deleting an index entry with Id 292 from index $SDH of file 9. Deleting an index entry with Id 269 from index $SDH of file 9. Deleting an index entry with Id 264 from index $SDH of file 9. Deleting an index entry with Id 318 from index $SDH of file 9. 
Deleting an index entry with Id 315 from index $SDH of file 9. Deleting an index entry with Id 298 from index $SDH of file 9. Deleting an index entry with Id 291 from index $SDH of file 9. Deleting an index entry with Id 294 from index $SDH of file 9. Deleting an index entry with Id 297 from index $SDH of file 9. Deleting an index entry with Id 309 from index $SDH of file 9. Deleting an index entry with Id 304 from index $SDH of file 9. Deleting an index entry with Id 308 from index $SDH of file 9. Deleting an index entry with Id 307 from index $SDH of file 9. Deleting an index entry with Id 276 from index $SDH of file 9. Deleting an index entry with Id 282 from index $SDH of file 9. Deleting an index entry with Id 267 from index $SDH of file 9. Deleting an index entry with Id 305 from index $SDH of file 9. Deleting an index entry with Id 270 from index $SDH of file 9. Deleting an index entry with Id 288 from index $SDH of file 9. Deleting an index entry with Id 265 from index $SDH of file 9. Deleting an index entry with Id 319 from index $SDH of file 9. Deleting an index entry with Id 287 from index $SDH of file 9. Deleting an index entry with Id 285 from index $SDH of file 9. Deleting an index entry with Id 274 from index $SDH of file 9. Deleting an index entry with Id 277 from index $SDH of file 9. Deleting an index entry with Id 310 from index $SDH of file 9. Deleting an index entry with Id 299 from index $SDH of file 9. Deleting an index entry with Id 301 from index $SDH of file 9. Replacing invalid security id with default security id for file 0. Replacing invalid security id with default security id for file 1. Replacing invalid security id with default security id for file 2. Replacing invalid security id with default security id for file 6. Replacing invalid security id with default security id for file 8. Replacing invalid security id with default security id for file 9. Replacing invalid security id with default security id for file 11. 
Replacing invalid security id with default security id for file 24. Replacing invalid security id with default security id for file 25. Replacing invalid security id with default security id for file 26. Replacing invalid security id with default security id for file 27. Replacing invalid security id with default security id for file 29. Replacing invalid security id with default security id for file 30. Replacing invalid security id with default security id for file 31. Replacing invalid security id with default security id for file 32. Replacing invalid security id with default security id for file 33. Replacing invalid security id with default security id for file 34. Replacing invalid security id with default security id for file 35. Replacing invalid security id with default security id for file 36. Replacing invalid security id with default security id for file 37. Replacing invalid security id with default security id for file 38. Replacing invalid security id with default security id for file 39. Replacing invalid security id with default security id for file 40. Replacing invalid security id with default security id for file 41. Replacing invalid security id with default security id for file 42. Replacing invalid security id with default security id for file 43. Replacing invalid security id with default security id for file 44. Replacing invalid security id with default security id for file 45. Replacing invalid security id with default security id for file 46. Replacing invalid security id with default security id for file 47. Replacing invalid security id with default security id for file 48. Replacing invalid security id with default security id for file 49. Replacing invalid security id with default security id for file 50. Replacing invalid security id with default security id for file 51. Replacing invalid security id with default security id for file 52. Replacing invalid security id with default security id for file 53. 
Replacing invalid security id with default security id for file 54. Replacing invalid security id with default security id for file 55. Replacing invalid security id with default security id for file 56. Replacing invalid security id with default security id for file 57. Replacing invalid security id with default security id for file 58. Replacing invalid security id with default security id for file 59. Replacing invalid security id with default security id for file 60. Replacing invalid security id with default security id for file 61. Replacing invalid security id with default security id for file 62. Replacing invalid security id with default security id for file 63. Replacing invalid security id with default security id for file 64. Replacing invalid security id with default security id for file 65. Replacing invalid security id with default security id for file 66. Replacing invalid security id with default security id for file 67. Replacing invalid security id with default security id for file 68. Replacing invalid security id with default security id for file 69. Replacing invalid security id with default security id for file 70. Replacing invalid security id with default security id for file 71. Replacing invalid security id with default security id for file 72. Replacing invalid security id with default security id for file 73. Replacing invalid security id with default security id for file 74. Replacing invalid security id with default security id for file 75. Replacing invalid security id with default security id for file 76. Replacing invalid security id with default security id for file 77. Replacing invalid security id with default security id for file 78. Replacing invalid security id with default security id for file 79. Replacing invalid security id with default security id for file 80. Replacing invalid security id with default security id for file 81. Replacing invalid security id with default security id for file 82. 
Replacing invalid security id with default security id for file 83. Replacing invalid security id with default security id for file 84. Replacing</Data>
  <Binary>80080000ED050000DD080000000000000F000000000000000000000000000000</Binary>
  </EventData>
  </Event>

 



#11 1972vet


Posted 05 February 2014 - 03:35 AM

Hmmm...well...July isn't what I expected. You said a check of that disk was performed two weeks ago so I'm thinking it didn't complete??

 

Regardless, we need to do the following:

Click Start-->All Programs-->Accessories-->Command Prompt.
Right click on Command Prompt. On the pop-up context menu, select “Run as Administrator”.

When the command window opens, type or copy and paste the following command:

chkdsk /r C:

...then press the enter key. You'll be asked to schedule the check for the next reboot...answer yes, then reboot the computer. Wait for the scan to complete, then reboot the computer again. Post back your results. Thanks!



#12 AzueroGeoffrey


Posted 06 February 2014 - 08:58 AM

- <System>
  <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
  <EventID Qualifiers="16384">1001</EventID>
  <Version>0</Version>
  <Level>4</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2014-02-05T19:47:22.000000000Z" />
  <EventRecordID>593484</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>Application</Channel>
  <Computer>azueroGIS</Computer>
  <Security />
  </System>
- <EventData>
  <Data>Checking file system on C: The type of the file system is NTFS. Volume label is OS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... Cleaning up instance tags for file 0x944. 583680 file records processed. File verification completed. 1634 large file records processed. 0 bad file records processed. 49962 EA records processed. 149 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 732638 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 583680 file SDs/SIDs processed. Cleaning up 1305 unused index entries from index $SII of file 0x9. Cleaning up 1305 unused index entries from index $SDH of file 0x9. Cleaning up 1305 unused security descriptors. Security descriptor verification completed. 74480 data files processed. CHKDSK is verifying Usn Journal... 35167568 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 583664 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 138246026 free clusters processed. Free space verification is complete. Windows has made corrections to the file system. 963034111 KB total disk space. 409091992 KB in 495138 files. 242204 KB in 74481 indexes. 0 KB in bad sectors. 715807 KB in use by the system. 65536 KB occupied by the log file. 552984108 KB available on disk. 4096 bytes in each allocation unit. 240758527 total allocation units on disk. 138246027 allocation units available on disk. Internal Info: 00 e8 08 00 11 b1 08 00 88 ea 0e 00 00 00 00 00 ................ 29 09 00 00 95 00 00 00 00 00 00 00 00 00 00 00 )............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts.</Data>
  </EventData>
  </Event>
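
Added example, not part of the original posts: a small Python triage of CHKDSK event messages like the two quoted in this thread, collapsing the repeated repair lines into counts and flagging a message that was cut off before the disk-space summary. The sample strings are constructed by abridging the posted logs, and the function and field names are illustrative.

```python
import re
from collections import Counter

# Constructed samples, abridged from the two CHKDSK event messages in this thread.
SAMPLE_H = (
    "Checking file system on H: Volume label is HP v165w. "
    "CHKDSK is verifying indexes (stage 2 of 3)... "
    "Correcting error in index $I30 for file 1239. "
    "Recovering orphaned file pma_al.shp (1246) into directory file 1239. "
    "Recovering orphaned file PMA_AL~1.XML (1247) into directory file 1239. "
    "Recovering orphaned file pma_al.shp.xml (1247) into directory file 1239. "
    "CHKDSK is verifying security descriptors (stage 3 of 3)... "
    "Deleting an index entry with Id 256 from index $SII of file 9. "
    "Deleting an index entry with Id 257 from index $SII of file 9. "
    "Deleting an index entry with Id 306 from index $SDH of file 9. "
    "Replacing invalid security id with default security id for file 0. "
    "Replacing invalid security id with default security id for file 1. "
    "Replacing invalid security id with default security id for file 2. "
    "Replacing"
)
SAMPLE_C = (
    "Checking file system on C: The type of the file system is NTFS. "
    "CHKDSK is verifying security descriptors (stage 3 of 5)... "
    "Cleaning up 1305 unused index entries from index $SII of file 0x9. "
    "Cleaning up 1305 unused index entries from index $SDH of file 0x9. "
    "Windows has made corrections to the file system. "
    "963034111 KB total disk space. 0 KB in bad sectors. "
    "Windows has finished checking your disk."
)


def summarize(message):
    """Collapse one flattened CHKDSK event message into the counts worth reading."""
    vol = re.search(r"Checking file system on (\w:)", message)
    # Each orphan line carries a file name and its file record number.
    orphans = re.findall(
        r"Recovering orphaned file (.+?) \((\d+)\) into directory file \d+", message)
    # Count deleted entries per security index ($SII, $SDH) instead of listing them.
    deleted = Counter(re.findall(
        r"Deleting an index entry with Id \d+ from index (\$\w+)", message))
    cleaned = {idx: int(n) for n, idx in re.findall(
        r"Cleaning up (\d+) unused index entries from index (\$\w+)", message)}
    # File record numbers whose security id CHKDSK replaced with the default one.
    reset = [int(n) for n in re.findall(
        r"Replacing invalid security id with default security id for file (\d+)",
        message)]
    bad = re.search(r"(\d+) KB in bad sectors", message)
    return {
        "volume": vol.group(1) if vol else None,
        "orphan_entries": len(orphans),
        # A short (8.3) name and a long name can point at the same record.
        "orphan_records": len({rec for _, rec in orphans}),
        "index_entries_deleted": dict(deleted),
        "unused_index_entries_cleaned": cleaned,
        "default_sid_files": reset,
        "bad_sectors_kb": int(bad.group(1)) if bad else None,
        "corrections_stated":
            "Windows has made corrections to the file system" in message,
        # Assumption: a complete run always prints the disk-space summary,
        # so its absence means the event text was cut off.
        "truncated": "KB total disk space" not in message,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_H, SAMPLE_C):
        for key, value in summarize(sample).items():
            print(f"{key}: {value}")
        print()
```
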


#13 1972vet


Posted 06 February 2014 - 09:28 AM

Great. I see now we've made some corrections. I know it's only been minutes since your last posting but please let me ask... if you notice any improvement in system performance after any instruction given, DO mention it to us on the next posting.

 

Let's check the fragmentation on that disk now:

Please open a command prompt by clicking on the start globe, then selecting All Programs->Accessories...then right click on the "Command Prompt" and select Run as administrator. When the command prompt opens, copy and paste the following:
@echo off
defrag c:
@exit

...and your disk defragmentation will begin. Please do nothing with the computer while the defragmentation is underway. When completed, you will be shown the following message in the command prompt window:
The operation completed successfully

...and a post defrag report will be presented. The report will provide the volume size, free space, total fragmented space, and largest freespace size. Please copy that data to a notepad document or write it down somewhere so you can copy it and paste it into your next reply. After you have copied the data, you can close out the command prompt by simply pressing the enter key. Thanks!





