Windows 7 has huge (several GB) file that can't be deleted?


  • This topic is locked
29 replies to this topic

#1 davidaosborne

Posted 05 February 2014 - 10:35 AM

Hello.

I've been having issues with a virus/rootkit that we believed we had deleted, but it still seems to be causing problems. Despite having 2.5GHZ of RAM, we continue to encounter issues where programs are having to close. We're only running two programs, so there should be sufficient RAM.

 

In addition, the hard drive should have a couple hundred gigs of space (there are very, very few programs installed), but the space is down to 1.2 gigs. I believe I've found a large file in the CONTENT.IE5 folder that my virus scanners get hung up on for days, and I can't seem to either find or delete it. I'll be standing by for any help you can provide. Thanks!





#2 davidaosborne


Posted 05 February 2014 - 11:05 AM

Oh, and here's the dds file.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660
Run by Herotintwise at 9:47:38 on 2014-02-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1944.841 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.MATCHRITE\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Windows\system32\SAsrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\HERO_SW\bin\MAIN\HERO_Main.exe
C:\HERO_SW\Bin\Main\Hero_TintWise.exe
C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\ColoRx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://dell13-comm.msn.com
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DymoQuickPrint] "c:\program files\dymo\dymo label software\DymoQuickPrint.exe" /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{F149E9DB-3FD2-4612-86C8-8AE2991461A8} : DHCPNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{F9FD5B4D-D353-4A55-8227-60C288D9BCB6} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-2-2 458464]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2012-12-21 161560]
R2 MSSQL$MATCHRITE;SQL Server (MATCHRITE);c:\program files\microsoft sql server\mssql10_50.matchrite\mssql\binn\sqlservr.exe [2010-4-3 42884448]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SASrv.exe [2012-12-21 446592]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-3 2367360]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2013-9-26 36624]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-12-21 363800]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-12-21 280576]
R3 MCHPUSB;MCHPUSB;c:\windows\system32\drivers\mchpusb.sys [2011-3-22 53760]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-12-21 46080]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-12-21 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2010-1-6 1500160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-1-20 30976]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2013-9-26 51792]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2013-9-26 689416]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-20 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$MATCHRITE;SQL Server Agent (MATCHRITE);c:\program files\microsoft sql server\mssql10_50.matchrite\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-01-20 13:03:57 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-01-20 13:02:18 -------- d-----w- c:\programdata\HitmanPro
.
==================== Find3M ====================
.
.
============= FINISH: 9:58:02.76 ===============


Edited by Oh My, 10 February 2014 - 04:05 PM.
Log posted


#3 HelpBot


Posted 10 February 2014 - 10:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523270 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Oh My!

  • Malware Response Instructor

Posted 10 February 2014 - 04:10 PM

Greetings davidaosborne and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this for me.

===================================================

ATF Cleaner by Atribune

--------------------
  • Download ATF Cleaner and save it to your desktop
  • Double-click ATF-Cleaner.exe
  • Under Main choose Select All
  • Uncheck cookies
  • Click the Empty Selected button
If you use Firefox web browser
  • Click Firefox at the top and choose: Select All
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Uncheck cookies
  • Click the Empty Selected button
If you use Opera web browser
  • Click Opera at the top and choose: Select All
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Uncheck cookies
  • Click the Empty Selected button
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure Addition.txt is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did ATF run properly?
  • Farbar logs (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 davidaosborne


Posted 13 February 2014 - 11:32 AM

Yes, Farbar ran correctly. 

 

Here are the logs:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by Herotintwise at 2014-02-13 10:24:06
Running from C:\Users\Herotintwise\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) (Version: 11.0.04 - Adobe Systems Incorporated)
Benjamin Moore COLORx 6 (Version: 6.27.6000 - )
CCleaner (Version: 4.06 - Piriform)
ColorDesigner PLUS 1.0.0 (Version: 1.0.0 - X-Rite)
Conexant Audio Filter Agent (Version: 1.7.36.0 - Conexant Systems)
Conexant HD Audio (Version: 8.50.5.51 - Conexant)
Conexant SmartAudio (Version: 6.0.109.0 - Conexant Systems)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Client System Update (Version: 1.2.3 - Dell Inc.)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
DYMO Label v.8 (Version: 8.2.2.996 - Sanford, L.P.)
DYMO LabelWriter Drivers (Version: 8.1.0.364 - Sanford L.P.)
HERO TintWise_POS 5.2.0.0 (Version: 5.2.0.0 - HERO Europe s.r.l.)
Intel® Management Engine Components (Version: 8.0.3.1427 - Intel Corporation)
Intel® Processor Graphics (Version: 8.15.10.2639 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.605.1 - Intel Corporation)
Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
PL-2303 USB-to-Serial (Version: 1.2.10 - Prolific Technology INC)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 1.12.0019 - Realtek)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SUPERAntiSpyware (Version: 5.6.1032 - SUPERAntiSpyware.com)
TeamViewer 6 Host (Version: 6.0.11656 - TeamViewer GmbH)
Trend Micro AntiVirus (Version: 17.50 - Trend Micro Inc.)
Trend Micro AntiVirus (Version: 17.50 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
X-Rite Cixx Driver(silent) (Version: v0.3 - X-Rite, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {18E1CF18-1731-4D51-8749-310DBDDCF069} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-27] (Google Inc.)
Task: {4CBD6CB9-89AA-44DB-B4DF-D4DE213BDACD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-27] (Google Inc.)
Task: {BAEAD2B6-B935-42C2-A016-91A00CE22EA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {F2A41A85-0FE9-4BE2-943D-586D1253FD88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-17] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-21 22:49 - 2012-02-01 12:34 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2010-05-10 21:52 - 2010-05-10 21:52 - 00094208 _____ () C:\Program Files\DYMO\DYMO Label Software\DYMO.Common.dll
2013-02-01 12:36 - 2010-09-30 19:02 - 00318464 _____ () C:\HERO_SW\bin\MAIN\HERO_Main.exe
2013-02-01 12:36 - 2010-09-24 17:01 - 00007680 _____ () C:\HERO_SW\bin\MAIN\HERO_Translater.dll
2013-02-01 12:36 - 2010-09-30 19:02 - 00121856 _____ () C:\HERO_SW\bin\MAIN\HERO_UpgradeUtilities.dll
2013-02-01 12:36 - 2010-06-11 13:09 - 00011776 _____ () C:\HERO_SW\bin\MAIN\HERO_ProcessManager.dll
2013-02-01 12:36 - 2010-09-30 19:01 - 00045056 _____ () C:\HERO_SW\bin\MAIN\HERO_Utilities.dll
2013-02-01 12:36 - 2010-08-17 18:17 - 00046592 _____ () C:\HERO_SW\bin\MAIN\HERO_License.dll
2013-02-01 12:36 - 2010-09-24 12:53 - 00007680 _____ () C:\HERO_SW\bin\MAIN\HERO_TranslaterUtilities.dll
2013-02-01 12:36 - 2010-09-24 15:32 - 00008704 _____ () C:\HERO_SW\Data\Translation\Starter\en\Translater.resources.dll
2013-02-01 12:36 - 2010-06-23 17:27 - 00006656 _____ () C:\HERO_SW\bin\MAIN\HERO_StarterUtilities.dll
2013-02-01 12:36 - 2010-06-23 17:27 - 00006656 _____ () C:\HERO_SW\Bin\Main\HERO_StarterUtilities.dll
2013-02-01 12:36 - 2010-08-17 18:17 - 00046592 _____ () C:\HERO_SW\Bin\Main\HERO_License.dll
2013-02-01 12:36 - 2009-12-02 17:21 - 00018432 _____ () C:\HERO_SW\bin\Dll\.NET\HERO_SAETModbusRedirector.dll
2013-02-01 12:36 - 2009-12-02 17:20 - 00142336 _____ () C:\HERO_SW\bin\Dll\.NET\HERO_MPUSBDrv.dll
2009-07-13 15:03 - 2009-07-13 19:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2013-02-01 12:34 - 2013-06-20 13:43 - 03623424 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\ColoRx.exe
2013-02-01 12:34 - 2002-02-11 05:08 - 00061440 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\GMMathEngine.Dll
2013-02-01 12:34 - 2001-10-28 18:19 - 00151552 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\NWFrmEng.dll
2013-02-01 12:34 - 2001-09-12 14:50 - 00077824 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\NWPigEdt.dll
2013-02-01 12:34 - 2001-09-12 14:49 - 00413696 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\AssoEdit_M2.dll
2013-02-01 12:34 - 2001-09-12 14:50 - 00479232 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\GMUtils_M2.dll
2013-02-01 12:34 - 2001-09-12 14:50 - 01019904 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\SV_WIN32_M2.dll
2013-02-01 12:34 - 2001-09-12 14:49 - 00135168 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\GMDBLib_M2.dll
2013-02-01 12:34 - 2001-09-12 14:50 - 00200704 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\GMSPM_M2.dll
2013-02-01 12:34 - 2001-09-12 14:49 - 00286720 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\GMDBObj_M2.dll
2013-02-01 12:34 - 2001-09-12 14:50 - 00606208 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\RzptBase_M2.dll
2013-02-01 12:34 - 2001-09-12 14:50 - 00061440 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\GMUserad_M2.dll
2013-02-01 12:34 - 2013-11-04 08:47 - 01596928 ____R () C:\Program Files\Benjamin Moore & Co\ColorTech\Common\ColorLibrary.dll
2013-02-01 12:34 - 2011-11-07 09:58 - 07346016 ____R () C:\Program Files\Benjamin Moore & Co\ColorTech\Common\ColorRoutines.dll
2013-02-01 12:34 - 2011-04-15 08:39 - 01700352 ____R () C:\Program Files\Benjamin Moore & Co\ColorTech\Common\SpectroLib.dll
2013-02-01 12:34 - 2013-11-18 20:14 - 01565184 _____ () C:\Program Files\Benjamin Moore & Co\ColorTech\Common\DispenserLib.dll
2013-02-01 12:34 - 2013-04-22 09:23 - 02008064 ____R () C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\POS\posTomax.dll
2013-02-01 12:34 - 2008-05-28 10:18 - 00952832 ____R () C:\Program Files\Benjamin Moore & Co\ColorTech\Common\Drivers\Dispensers\dpHeroTintWise_File.drv
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2014 03:00:26 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume OS (C:) was not defragmented because an error was encountered: Not enough storage is available to complete this operation. (0x8007000E)
 
Error: (02/04/2014 09:07:23 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume OS (C:) was not defragmented because an error was encountered: Not enough storage is available to complete this operation. (0x8007000E)
 
Error: (01/28/2014 03:49:18 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b7756bb3-0380-44ab-a1a9-b2d61699372b}
 
Error: (01/25/2014 00:44:28 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume OS (C:) was not defragmented because an error was encountered: Not enough storage is available to complete this operation. (0x8007000E)
 
Error: (01/22/2014 09:18:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/20/2014 07:13:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/20/2014 07:07:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/20/2014 07:04:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.7.8.208, time stamp: 0x526fcfd0
Faulting module name: HitmanPro.exe, version: 3.7.8.208, time stamp: 0x526fcfd0
Exception code: 0x40000015
Fault offset: 0x00179000
Faulting process id: 0xbd0
Faulting application start time: 0xHitmanPro.exe0
Faulting application path: HitmanPro.exe1
Faulting module path: HitmanPro.exe2
Report Id: HitmanPro.exe3
 
Error: (01/20/2014 07:04:14 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f
 
Error: (01/20/2014 07:04:14 AM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
 
System errors:
=============
Error: (02/13/2014 04:18:38 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (02/12/2014 04:37:22 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (01/29/2014 10:04:45 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error: 
%%1079
 
Error: (01/29/2014 10:02:33 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error: 
%%1079
 
Error: (01/22/2014 11:14:31 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (01/22/2014 09:20:51 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error: 
%%1079
 
Error: (01/22/2014 09:18:40 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error: 
%%1079
 
Error: (01/22/2014 09:17:26 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error: 
%%1079
 
Error: (01/22/2014 09:17:22 AM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error: 
%%1058
 
Error: (01/22/2014 09:17:20 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (02/05/2014 03:00:26 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: OS (C:)Not enough storage is available to complete this operation. (0x8007000E)
 
Error: (02/04/2014 09:07:23 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: OS (C:)Not enough storage is available to complete this operation. (0x8007000E)
 
Error: (01/28/2014 03:49:18 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b7756bb3-0380-44ab-a1a9-b2d61699372b}
 
Error: (01/25/2014 00:44:28 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: OS (C:)Not enough storage is available to complete this operation. (0x8007000E)
 
Error: (01/22/2014 09:18:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/20/2014 07:13:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/20/2014 07:07:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/20/2014 07:04:27 AM) (Source: Application Error)(User: )
Description: HitmanPro.exe3.7.8.208526fcfd0HitmanPro.exe3.7.8.208526fcfd04000001500179000bd001cf15dfd97e878aE:\HitmanPro.exeE:\HitmanPro.exe641a3c67-81d3-11e3-aba9-7845c4355f18
 
Error: (01/20/2014 07:04:14 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE766c92734-d682-4d71-983e-d6ec3f16059f
 
Error: (01/20/2014 07:04:14 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 07:04:14:196 - http://go.microsoft.com/fwlink/?LinkId=151642)
00020001(0x00000000, 07:04:14:274)
00030001(0x00000000, 07:04:14:274 - http://go.microsoft.com)
00030002(0x00000000, 07:04:14:274 - 0)
00040001(0x00000000, 07:04:14:274 - http://go.microsoft.com)
00040002(0x00000000, 07:04:14:274 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 07:04:14:289 - <NULL>)
00040006(0x00000000, 07:04:14:289 - 1, http://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 07:04:14:289 - 0)
00020007(0x80072EE7, 07:04:14:289)
00010002(0x80072EE7, 07:04:14:289 - <NULL>)
00010003(0x80072EE7, 07:04:14:289)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 57%
Total physical RAM: 1944.07 MB
Available physical RAM: 826.55 MB
Total Pagefile: 1944.07 MB
Available Pagefile: 712.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.4 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:1.82 GB) NTFS
Drive e: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 3E0ABFCD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 8B3908B2)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
 
==================== End Of Log ============================
 
 
and here's the other one:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Herotintwise (administrator) on HEROTINTWISE-PC on 13-02-2014 10:23:44
Running from C:\Users\Herotintwise\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.MATCHRITE\MSSQL\Binn\sqlservr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
(Conexant Systems, Inc.) C:\Windows\system32\SAsrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\HERO_SW\bin\MAIN\HERO_Main.exe
(HERO) C:\HERO_SW\Bin\Main\Hero_TintWise.exe
() C:\Program Files\Benjamin Moore & Co\ColorTech\ColoRx\ColoRx.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [520320 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DLSService] - C:\Program Files\DYMO\DYMO Label Software\DLSService.exe [55808 2010-05-10] (Sanford, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1020248 2010-01-26] (Trend Micro Inc.)
HKU\S-1-5-21-42404510-3256360588-848530467-1000\...\Run: [DymoQuickPrint] - C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe [1885512 2010-05-10] (Sanford, L.P.)
HKU\S-1-5-21-42404510-3256360588-848530467-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-42404510-3256360588-848530467-1000\...\MountPoints2: {f3080c46-7a0b-11e2-8304-7845c4355f18} - E:\LaunchU3.exe -a
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13-comm.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9B6E3629-75C9-4F94-85EF-ED95686D347D} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKCU - DefaultScope {9B6E3629-75C9-4F94-85EF-ED95686D347D} URL = 
SearchScopes: HKCU - {9B6E3629-75C9-4F94-85EF-ED95686D347D} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-02-08] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 MSSQL$MATCHRITE; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MATCHRITE\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2010-11-19] (Conexant Systems, Inc.)
S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [715440 2010-11-08] (Trend Micro Inc.)
S4 SQLAgent$MATCHRITE; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MATCHRITE\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2013-09-26] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [689416 2013-09-26] (Trend Micro Inc.)
S2 wuauserv; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-06] (Atheros Communications, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-01-20] ()
R3 MCHPUSB; C:\Windows\System32\DRIVERS\mchpusb.sys [53760 2007-12-19] (Microchip Technology, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36624 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2013-09-26] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [262416 2011-07-12] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2013-09-28] ()
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1405720 2011-07-12] (Trend Micro Inc.)
U3 mbr; \??\C:\Users\HEROTI~1\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-13 10:23 - 2014-02-13 10:23 - 00008733 _____ () C:\Users\Herotintwise\Desktop\FRST.txt
2014-02-13 10:23 - 2014-02-13 10:23 - 00000000 ____D () C:\FRST
2014-02-13 10:23 - 2014-02-13 10:22 - 01141248 _____ (Farbar) C:\Users\Herotintwise\Desktop\FRST.exe
2014-02-13 10:22 - 2014-02-13 10:20 - 00050688 _____ (Atribune.org) C:\Users\Herotintwise\Desktop\ATF-Cleaner.exe
2014-02-11 12:40 - 2014-02-11 12:40 - 00008774 _____ () C:\Users\Herotintwise\Desktop\dds.txt
2014-02-11 12:40 - 2014-02-11 12:40 - 00004462 _____ () C:\Users\Herotintwise\Desktop\attach.txt
2014-02-05 09:47 - 2014-02-05 09:49 - 00688992 ____R (Swearware) C:\Users\Herotintwise\Desktop\dds.com
2014-01-20 07:03 - 2014-01-20 07:06 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-01-20 07:02 - 2014-01-20 07:09 - 00000000 ____D () C:\ProgramData\HitmanPro
 
==================== One Month Modified Files and Folders =======
 
2014-02-13 10:23 - 2014-02-13 10:23 - 00008733 _____ () C:\Users\Herotintwise\Desktop\FRST.txt
2014-02-13 10:23 - 2014-02-13 10:23 - 00000000 ____D () C:\FRST
2014-02-13 10:22 - 2014-02-13 10:23 - 01141248 _____ (Farbar) C:\Users\Herotintwise\Desktop\FRST.exe
2014-02-13 10:20 - 2014-02-13 10:22 - 00050688 _____ (Atribune.org) C:\Users\Herotintwise\Desktop\ATF-Cleaner.exe
2014-02-13 09:50 - 2013-09-27 07:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 09:36 - 2012-12-21 21:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-13 08:50 - 2013-09-27 07:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 12:40 - 2014-02-11 12:40 - 00008774 _____ () C:\Users\Herotintwise\Desktop\dds.txt
2014-02-11 12:40 - 2014-02-11 12:40 - 00004462 _____ () C:\Users\Herotintwise\Desktop\attach.txt
2014-02-05 09:51 - 2010-11-20 15:01 - 00870412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 09:49 - 2014-02-05 09:47 - 00688992 ____R (Swearware) C:\Users\Herotintwise\Desktop\dds.com
2014-02-05 09:47 - 2013-10-02 08:09 - 00002998 _____ () C:\Windows\setupact.log
2014-01-28 15:59 - 2013-09-26 15:53 - 00000264 _____ () C:\Windows\ODBC.INI
2014-01-28 15:51 - 2013-02-01 12:34 - 00002091 _____ () C:\Users\Public\Desktop\Benjamin Moore COLORx 6.lnk
2014-01-22 09:24 - 2009-07-13 22:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 09:24 - 2009-07-13 22:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 09:17 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-01-20 07:09 - 2014-01-20 07:02 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-20 07:06 - 2014-01-20 07:03 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 00:55
 
==================== End Of Log ============================


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:22 AM

Posted 13 February 2014 - 01:26 PM

Greetings,

Thanks for the information. Can you confirm ATF (rather than Farbar) ran correctly?

Please run these for me.

===================================================

ListParts by Farbar for 64 bit Systems

--------------------
  • Please download ListParts64.exe (for 64 bit systems) and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Place a checkmark in the List BCD box
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9B6E3629-75C9-4F94-85EF-ED95686D347D} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKCU - DefaultScope {9B6E3629-75C9-4F94-85EF-ED95686D347D} URL = 
SearchScopes: HKCU - {9B6E3629-75C9-4F94-85EF-ED95686D347D} URL = 
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Please download and run Microsoft Fix it 50688 to fix a non-malware related technical issue with Windows.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ListParts log
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 davidaosborne


Posted 13 February 2014 - 03:38 PM

My system is a 32-bit system (that 64bit link didn't work, but no worries, I found and downloaded the 32bit version of listparts!).

In response to your first question, it appeared as though both ATF-cleaner and FRST ran without any problems. 

I installed the Microsoft Fix it after I followed your instructions. Here are the two log files:

 

ListParts by Farbar Version: 20-10-2013
Ran by Herotintwise (administrator) on 13-02-2014 at 14:27:52
Windows 7 (X86)
Running From: C:\Users\Herotintwise\Desktop
Language: 0409
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 53%
Total physical RAM: 1944.07 MB
Available physical RAM: 909.3 MB
Total Pagefile: 1944.07 MB
Available Pagefile: 720.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1955.06 MB
 
======================= Partitions =========================
 
1 Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:1.82 GB) NTFS
3 Drive e: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB  2048 KB         
  Disk 1    Online         1900 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 3E0ABFCD
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary            752 MB    40 MB
  Partition 3    Primary            232 GB   792 MB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         RECOVERY     NTFS   Partition    752 MB  Healthy    System (partition with boot components)  
 
======================================================================================================
 
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    232 GB  Healthy    Boot    
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 8B3908B2
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1899 MB    32 KB
 
======================================================================================================
 
Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E                FAT    Removable   1899 MB  Healthy            
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 3E0ABFCD
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)
 
==============================
Partitions of Disk 1:
===============
Disk ID: 8B3908B2
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
 
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {6f624ffc-4bf2-11e2-ac2f-7845c4355f18}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {6f624ffe-4bf2-11e2-ac2f-7845c4355f18}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {6f624ffc-4bf2-11e2-ac2f-7845c4355f18}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {6f624ffe-4bf2-11e2-ac2f-7845c4355f18}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{6f624fff-4bf2-11e2-ac2f-7845c4355f18}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{6f624fff-4bf2-11e2-ac2f-7845c4355f18}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {6f624ffc-4bf2-11e2-ac2f-7845c4355f18}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {6f624fff-4bf2-11e2-ac2f-7845c4355f18}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
****** End Of Log ****** 
 
and here is the second one:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01
Ran by Herotintwise at 2014-02-13 14:29:30 Run:1
Running from C:\Users\Herotintwise\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9B6E3629-75C9-4F94-85EF-ED95686D347D} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKCU - DefaultScope {9B6E3629-75C9-4F94-85EF-ED95686D347D} URL = 
SearchScopes: HKCU - {9B6E3629-75C9-4F94-85EF-ED95686D347D} URL = 
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B6E3629-75C9-4F94-85EF-ED95686D347D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9B6E3629-75C9-4F94-85EF-ED95686D347D} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B6E3629-75C9-4F94-85EF-ED95686D347D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9B6E3629-75C9-4F94-85EF-ED95686D347D} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
 
==== End of Fixlog ====
 
Awaiting further instructions. Also, thanks so much for the response time, Gary! You've been a great help so far!!


#8 Oh My!


Posted 13 February 2014 - 03:53 PM

Can you tell me what size your hard drive is supposed to be? You say you should have a couple hundred gigabytes of free space but your drive capacity is showing:
 

Disk ID: 3E0ABFCD

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 39 MB    31 KB
Partition 2    Primary            752 MB    40 MB
Partition 3    Primary            232 GB   792 MB


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!


Posted 13 February 2014 - 03:54 PM

BTW thanks for hunting down the 32 bit version. :)
Gary
 

#10 davidaosborne


Posted 14 February 2014 - 08:55 AM

Yes, it should be 232GB. The current free space showing is 1.25 GB. The reason this is ludicrous is because this computer is only used for work purposes and only has two programs installed on it.



#11 davidaosborne


Posted 14 February 2014 - 09:00 AM

Correction: Now I have 934 MB of free space. It's been fluctuating like this for a while, but it's never gone below 1 gig, and that's got me a little worried. Like I said, there's nowhere near that amount of data stored on that hard drive.



#12 Oh My!


Posted 14 February 2014 - 10:13 AM

Thanks, I just wanted to make sure I was clear.

Please do this.

===================================================

WinDirStat

--------------------
  • Download WinDirStat and save it to your desktop
  • Double click the icon and select Run
  • Click I accept the terms in the License Agreement and click Next
  • Click Next then Install, then Next again
  • Click Close and the program will automatically launch
  • Click OK on the WinDirStat - Select Drives window
  • Monitor the Size category for any potential malicious entries/activities
  • Click the Refresh All icon as necessary to restart the monitoring
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
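A scripted form of the size survey requested in this post, as an added example that is not part of the original thread: it walks a tree once, keeps only the N largest files in memory, and records unreadable paths instead of stopping on them. The function names and the sample directory tree are constructed for illustration.

```python
import heapq
import os
import stat
import tempfile


def scan(root, top_n=5):
    """Single pass over root: total bytes, bytes per top-level folder,
    the top_n largest files, and the paths that could not be read."""
    total, by_child, largest, unreadable = 0, {}, [], []
    walker = os.walk(root, onerror=lambda e: unreadable.append(e.filename))
    for dirpath, _dirs, files in walker:      # symlinked dirs are not followed
        rel = os.path.relpath(dirpath, root)
        child = "." if rel == "." else rel.split(os.sep)[0]
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)           # lstat: never dereference links
            except OSError:
                unreadable.append(path)       # locked or vanished: note, go on
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            total += st.st_size
            by_child[child] = by_child.get(child, 0) + st.st_size
            heapq.heappush(largest, (st.st_size, path))
            if len(largest) > top_n:
                heapq.heappop(largest)        # keep memory bounded on big trees
    return total, by_child, sorted(largest, reverse=True), unreadable


def build_sample_tree(base):
    """Constructed sample data: one oversized cache file among small ones."""
    cache = os.path.join(base, "AppData", "Content.IE5", "SAMPLE01")
    docs = os.path.join(base, "Documents")
    os.makedirs(cache)
    os.makedirs(docs)
    sizes = {os.path.join(cache, "blob.tmp"): 300_000,
             os.path.join(cache, "page.htm"): 2_000,
             os.path.join(docs, "report.txt"): 5_000}
    for path, size in sizes.items():
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
    return sizes


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, by_child, largest, unreadable = scan(tmp)
        print("total bytes:", total)
        for size, path in largest:
            print(f"{size:>12,}  {path}")
```

If the per-folder totals fall far short of the used space the drive itself reports, the gap is in paths listed as unreadable or in space that is not held by ordinary files.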
 

#13 davidaosborne


Posted 14 February 2014 - 10:45 AM

So far, the program has reached 3% and then stopped responding. Should it take several hours?

Also, I keep getting messages saying that the computer doesn't have enough memory and that programs will have to be closed.

(Sigh)



#14 Oh My!


Posted 14 February 2014 - 11:18 AM

Please run the program while in Safe Mode.
Gary
 

#15 davidaosborne


Posted 14 February 2014 - 01:57 PM

My computer will not allow me to boot in safe mode....





