Corrupt file errors & computer reboots about every 15 minutes without warning

Not2bashful

Since 10-20-2014 my computer has been giving me error messages and then after 15-20 min it reboots without any warning. The error messages I keep getting state that certain files (ehtray.exe, crashplantray.exe) are corrupt files. Then in the body of the error message it states on them all that the following file is the issue: Roxio Shared\9.0\DLL Shared.

I updated and ran Malwarebytes and here is a copy of the application log. After seeing other people's logs I don't think this is the right log, but I am not finding anything else for today's date in this section. Can you tell me if I copied the wrong thing?
Thanks.


Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 10/21/2014 10:14:29 AM, SYSTEM, LASHLEYHOME, Manual, Rootkit Database, 2014.8.21.1, 2014.10.20.1,
Update, 10/21/2014 10:14:42 AM, SYSTEM, LASHLEYHOME, Manual, Malware Database, 2014.9.8.10, 2014.10.21.6,
Update, 10/21/2014 10:25:34 AM, SYSTEM, LASHLEYHOME, Manual, Malware Database, 2014.10.21.6, 2014.10.21.7,

(end)
 
After reading the instructions again, I see that it says to copy the scan log to the clipboard. The only logs that show up in my application logs are update logs. There are no scan logs available. Is there another way to find the scan logs?
 
The exact error message reads: The file or directory C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared is corrupt and unreadable. Please run the chkdsk utility. I have run the chkdsk utility and nothing ever changes after doing it. The body of the error message always states this same message, but the top part always states another file is corrupt, such as Crashplan Tray.exe - corrupt file or ehtray.exe - corrupt file.
 
I reran Malwarebytes and before it closed I copied the scan file since it doesn't seem to show up in the history later. Here it is:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/21/2014
Scan Time: 11:29:28 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.21.08
Rootkit Database: v2014.10.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Lashley Home

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366769
Time Elapsed: 41 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 37
PUP.Optional.Extutil.A, C:\Users\Lashley Home\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [df78fd1a0478d85e4088de284ab9da26],
PUP.Optional.Managera.A, C:\Users\Lashley Home\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [b4a38a8d16666accd2f7ee18a3600af6],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\CacheIcons, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\AddedAppDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\DefualtImages, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\DetectedAppDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\EngineFirstTimeDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\NewSearchProtectorDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\NewSearchProtectorDialog\images, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorBubbleDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorBubbleDialog\images, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorDialog\Images, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorRetakeoverDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorRetakeoverDialog\Images, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\ToolbarFirstTimeDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\ToolbarFirstTimeDialog\images, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\ToolbarUntrustedAppsApprovalDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\UntrustedAddedAppDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\UntrustedAppApprovalDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\UntrustedAppPendingDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\EmailNotifier, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\ExternalComponent, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Logs, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\MyStuffApps, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\DynamicDialogs, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenLogin, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarSettings, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_en, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation, , [5ef9fb1c77053204c99d16ff56ad54ac],
PUP.Optional.WhiteSmoke.A, C:\Users\Lashley Home\AppData\LocalLow\WhiteSmoke_New, , [2c2b1502a0dc64d27ac2aa7032d1cd33],
PUP.Optional.WhiteSmoke.A, C:\Users\Lashley Home\AppData\LocalLow\WhiteSmoke_New\SearchInNewTab, , [2c2b1502a0dc64d27ac2aa7032d1cd33],

Files: 1
PUP.Optional.Bandoo.A, C:\Users\Lashley Home\Desktop\Old Firefox Data\u18v3ypd.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}.xpi, , [acab8d8ac2baf442a59de055e1205ba5],

Physical Sectors: 0
(No malicious items detected)


(end)
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/28/2009 12:18:15 PM
System Uptime: 10/21/2014 11:20:55 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0C142H
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 4.909 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 3.149 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
V: is FIXED (FAT) - 0 GiB total, 0.03 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom 802.11n Network Adapter
Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_02261028&REV_03\FF4E002400
Manufacturer: Broadcom
Name: Broadcom 802.11n Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_02261028&REV_03\FF4E002400
Service: BCM43XX
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0001
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0001
Service: FACAP
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
7-Zip 9.20
ABC Amber BlackBerry Converter
AC3Filter (remove only)
Adblock Plus for IE (32-bit)
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI
Adobe Shockwave Player 12.0
Adobe Shockwave Player 12.1
Advanced Audio FX Engine
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon Games & Software Downloader
Amazon Kindle
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft Photo Book Screen Saver
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Quick Photo Book
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations ActiveX
ArcSoft RAW Thumbnail Viewer
ArcSoft Scan-n-Stitch Deluxe
ArcSoft Video Downloader
Audacity 1.3.12 (Unicode)
Audacity 2.0.5
Audible Download Manager
AudibleManager
Auslogics Duplicate File Finder
AVerMedia MCE Encoder x86 3.2.1.84
AVerMedia MiniCard Hybrid TV
AVSDK5
Banctec Service Agreement
Bing Maps 3D
Bing Rewards Client Installer
BitPim 1.0.6
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Blackboard Collaborate Launcher
blinkx beat
Bonjour
Bonjour Print Services
BufferChm
C5500
Cards
Catalina Savings Printer
CCleaner
CDDRV_Installer
Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2
Compatibility Pack for the 2007 Office system
Complete Care Business Service Agreement
Complete Care Consumer Service Agreement
Consumer In-Home Service Agreement
CopyTrans Suite Remove Only
CrashPlan
Creative MediaSource 5
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell Support Center
Dell System Detect
Dell Video Chat
Dell Webcam Central
Destination Component
DeviceDiscovery
DocProc
Documents To Go Desktop for iPhone
Dropbox
Duplicate Photo Cleaner
erLT
Eusing Free Registry Cleaner
Facebook Video Calling 1.2.0.287
FastAccess
FlipShare
Free M4a to MP3 Converter 8.1
Free YouTube to MP3 Converter Studio 8.2
Freemake Video Downloader
Gamers Unite! Snag Bar
Google Chrome
Google Drive
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
GoToMeeting 5.3.0.1009
GPBaseService2
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Photosmart C5500 All-In-One Driver Software 12.0 Rel .4
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iCloud
iExplorer 3.3.2.1
iLivid
Integrated Webcam Driver (1.00.04.0603)
Intel(R) Graphics Media Accelerator Driver
iolo technologies' System Mechanic Professional
iPhone Backup Extractor
iTunes
iYogi Support Dock
Java 7 Update 60
Java Auto Updater
Java(TM) 6 Update 5
John Deere American Farmer Deluxe
KhalInstallWrapper
Legalsounds Download Manager
Live! Cam Avatar Creator
Logitech SetPoint
Luxor
LyricsFetcher v0.5.1
Macro Recorder 5.6.5
Malwarebytes Anti-Malware version 2.0.2.1012
MarketResearch
MediaButtons 1.0.1.4
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Default Manager
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MMI
MobileMe Control Panel
Motorola Driver Installation 4.2.0
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
Mp3 Editor Pro v2.2.1
MP3 Rocket
Mplayer 0.6.9
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center
NETGEAR USB Control Center
NirSoft IE PassView
Norton Internet Security
OCR Software by I.R.I.S. 12.0
OfficeSharedAddInSetup
OGA Notifier 2.0.0048.0
OverDrive Media Console
Photo Pos Pro
Photopos Toolbar
Photopos Toolbar (Remove Toolbar Only)
PS_AIO_04_C5500_Software_Min
QualXServ Service Agreement
QuickTime 7
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RehanFX Shader Transitions and Effects (ShaderTFX)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Media Manager
Roxio Update Manager
Safari
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
SAMSUNG USB Driver for Mobile Phones
Scan
ScanSoft PaperPort Viewer 7.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies
Skype Click to Call
Skype™ 6.3
Smart PDF Converter 6.3.0.485
SmartWebPrinting
SolutionCenter
Sony Picture Utility
Sound Blaster Audigy ADVANCED MB
Spybot - Search & Destroy
Stamps.com
Stamps.com Application Support for Microsoft Word 2000-2010
Stamps.com support for Microsoft Word 2000-2010
Status
SUPERAntiSpyware
swMSM
System Mechanic 14 Professional
TidySongs
Toolbox
Total Defense PC Tune-Up 4.0.0.5
TouchCopy 12
TrayApp
Trojan Killer
TuneUp 3.0.7.0
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Verizon Wireless Software Upgrade Assistant - Samsung
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
VoiceOver Kit
Vuze
WD My Cloud
WD Quick View
WD SmartWare
WD SmartWare Installer
WebReg
WeFi 4.0.0.16
WIDCOMM Bluetooth Software 6.1.0.4700
Windows 7 Upgrade Advisor
Windows Live ID Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinPcap 4.1.2
Wondershare Video Editor(Build 4.1.2)
Xilisoft iPhone SMS Backup
XPS One Tour
Xvid 1.2.2 final uninstall
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16584 BrowserJavaVersion: 10.60.2
Run by Lashley Home at 12:21:55 on 2014-10-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3292.1069 [GMT -6:00]
.
AV: System Shield *Enabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Enabled/Updated* {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iolo\System Mechanic Professional\iologovernor.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\MediaButtons.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\DELLOSD.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Lashley Home\AppData\Local\Apps\2.0\0XHOA97A.BN2\JWAD0JBN.M2J\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
uProxyOverride = <-loopback>
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
TB: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
TB: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
TB: Photopos Toolbar: {59509308-4e15-4619-8e8d-0154e1588cdd} - c:\program files\photopostb\photoposDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [DellSystemDetect] c:\users\lashley home\appdata\local\apps\2.0\0xhoa97a.bn2\jwad0jbn.m2j\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [MediaButtons] c:\windows\system32\MediaButtons.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [FATrayAlert] c:\program files\sensible vision\fast access\FATrayMon.exe
mRun: [FAStartup] <no file>
dRun: [Bomgar_Cleanup_ZD6620630358] cmd.exe /C rd /S /Q "c:\programdata\iyogi-scc-52411f96" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD6620630358 /f
dRun: [Bomgar_Cleanup_ZD15946410449] cmd.exe /C rd /S /Q "c:\programdata\bomgar-scc-0x53feb81d" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD15946410449 /f
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mediab~1.lnk - c:\windows\system32\MediaButtons.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/PURCHASE/WebResource.axd?d=PO7P-LiUBjyfGDiabIpF4fQExoDwbhOUWJ_W4YtJ_7kls_MShO2kWyWaeuTGxOJpZkbc1QaYKZxdi0XTIz9vutu_lVOhiFAz6nG6Ai_mtip3Vay2jcxaHSE2ukEZ70YimPNPDQ2&t=635424015650000000
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{18FFEC72-9D64-47EE-A7E4-F6907A56E528} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A47B25DE-BCEE-4F80-A891-6AE810A37C1B} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{ADC23A46-8D93-4FFC-A1F8-9681BCA75B96} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{C313C20E-348F-40EA-BF45-3106AD24660E} : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - <no file>
Notify: FastAccess - c:\program files\sensible vision\fast access\FALogNot.dll
Notify: GoToAssist - <no file>
Notify: igfxcui - igfxdev.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
LSA: Notification Packages = scecli FAPassSync
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lashley home\appdata\roaming\mozilla\firefox\profiles\66k5g7mv.default-1409941843299\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\lashle~1\appdata\roaming\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\users\lashley home\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\lashley home\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [2014-3-25 139528]
R2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [2014-8-31 1386760]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2009-4-28 932864]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-4-28 29736]
R3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\drivers\cbfs3.sys [2013-7-19 299024]
S3 15699;15699;c:\windows\system32\drivers\15699 [2013-9-23 9072]
S3 19566;19566;c:\windows\system32\drivers\19566 [2013-9-23 9072]
S3 30677;30677;c:\windows\system32\drivers\30677 [2013-9-23 9072]
S3 31352;31352;c:\windows\system32\drivers\31352 [2013-9-24 9072]
S3 31506;31506;c:\windows\system32\drivers\31506 [2013-9-24 9072]
S3 32021;32021;c:\windows\system32\drivers\32021 [2013-9-23 9072]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-1-8 30312]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-16 09:18:52 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 09:18:52 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 09:18:52 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 09:12:30 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-16 09:11:25 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-16 09:03:04 66560 ----a-w- c:\windows\system32\packager.dll
2014-10-08 02:32:13 -------- d-sh--w- C:\found.009
2014-10-01 20:44:05 -------- d-sh--w- C:\found.008
2014-09-27 19:59:40 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-24 09:01:33 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2014-10-21 17:27:38 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-19 22:44:32 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 22:38:15 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-09-19 22:37:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-19 22:36:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 22:35:46 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 22:34:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 22:34:22 11776 ----a-w- c:\windows\system32\mshta.exe
2014-09-02 01:15:06 18872 ----a-w- c:\windows\system32\drivers\SPPD.sys
2014-09-01 02:14:59 253176 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe
2014-08-28 03:24:14 74703 ----a-w- c:\windows\system32\mfc45.dat
2014-08-25 20:55:20 528384 ------w- c:\windows\system32\PosGRP.dll
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-13 05:57:14 41616 ----a-w- c:\windows\system32\iolobtdfg.exe
2014-08-13 05:57:06 23568 ----a-w- c:\windows\system32\smrgdf.exe
2014-08-13 05:41:18 2097984 ----a-w- c:\windows\system32\Incinerator32.dll
2014-08-13 05:38:22 28256 ----a-w- c:\windows\system32\drivers\rawdsk3.sys
2014-08-13 05:35:16 118784 ----a-w- c:\windows\system32\iavlsp.dll
2014-08-13 05:35:14 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2014-08-13 05:35:10 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2014-08-13 05:35:10 56200 ----a-w- c:\windows\system32\offreg.dll
2014-07-31 00:18:56 531496 ----a-w- c:\windows\system32\mcmpeg2mux.ax
2014-07-31 00:18:56 375848 ----a-w- c:\windows\system32\mcm2ve.ax
2014-07-31 00:18:56 257064 ----a-w- c:\windows\system32\mcl2ae.ax
2014-07-31 00:18:56 244776 ----a-w- c:\windows\system32\mcmpgaout.dll
2014-07-31 00:18:56 2140712 ----a-w- c:\windows\system32\mcmpgvout.004
2014-07-31 00:18:56 20520 ----a-w- c:\windows\system32\mcmpgvout.dll
2014-07-30 13:06:26 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2014-07-28 20:52:00 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-07-28 20:52:00 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2014-07-25 08:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
============= FINISH: 12:27:30.12 ===============
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Uninstall iolo technologies' System Mechanic Professional.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


System Mechanic comes with some weak AV program called System Shield.
I'd assume that it got uninstalled along with System Mechanic.
In that case you don't have any AV program running.
Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Update, run full scan, report on any findings.

Next...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
I am working on these items this afternoon. Thanks so much for replying to me Broni. I will get my results to you as soon as I get them done.
 
Broni, sorry it took so long to reply. The last couple of days have been computer hell for me. I can't get my computer to get past Windows booting successfully. The user login screen just shows up as a black screen with a cursor. This time I cannot get safe mode with networking to work either. I am just about in tears. Do you have any suggestions of what I could do to get the login screen to appear and the Windows desktop to load?
 
NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use a USB flash drive to transfer it from the good computer to the bad one.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on the GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note:
    Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Here's the FRST log. Thanks for helping me with this Broni. I am so frustrated! The spare computer I had has ended up with this same issue (instead of getting a login screen, it shows only a black screen with a white cursor). It will not go into safe mode. It is doing the EXACT same thing as my desktop that I am having you help me with. The only things I know they have in common are: I used Facebook while being on both computers, and I had my iPhone, which I was using as a hotspot via USB cable, connected to each of them at the time they shut off and rebooted without warning and then went into the black screen with cursor. (Also, my laptop never had issues with the corrupt file errors prior to doing what it is doing. It was working great up until it shut off and rebooted.) Could my iPhone have a virus or something and have transferred it to the computer? I will be opening up a new thread to get help with that computer. Thanks again Broni for everything.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014
Ran by SYSTEM on MINWINPC on 27-10-2014 09:14:09
Running from G:\
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool:
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [MediaButtons] => C:\Windows\System32\MediaButtons.exe [2482176 2008-08-29] ()
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [FATrayAlert] => C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe [98488 2011-04-23] (Sensible Vision )
HKLM\...\Run: [FAStartup] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-04] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [iolo Startup] => C:\Program Files\iolo\Common\Lib\ioloLManager.exe [4449528 2014-08-12] (iolo technologies, LLC)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
Winlogon\Notify\FastAccess: C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll ()
HKU\Default\...\Run: [ooVoo] => C\ooVoo.exe /minimized
HKU\Default User\...\Run: [ooVoo] => C\ooVoo.exe /minimized
HKU\Kids\...\Policies\system: [LogonHoursAction] 2
HKU\Kids\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lashley Home\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Lashley Home\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-06] (SUPERAntiSpyware)
HKU\Lashley Home\...\Run: [DellSystemDetect] => C:\Users\Lashley Home\AppData\Local\Apps\2.0\0XHOA97A.BN2\JWAD0JBN.M2J\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-09-02] (Dell)
HKU\Lashley Home\...\Policies\system: [LogonHoursAction] 2
HKU\Lashley Home\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BootExecute: autocheck smrgdf C:\Users\Lashley Home\AppData\Roaming\iolo\鐀༜鿰፥⺰Ǩ!ꮐፇĀĀϧ����†
GroupPolicyUsers\S-1-5-21-1298243350-4168526417-2768172632-1001\User: Group Policy restriction detected <======= ATTENTION
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 AERTFilters; C:\Windows\system32\AERTSrv.exe [81920 2008-07-15] (Andrea Electronics Corporation)
S3 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S4 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
S2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [152576 2012-08-16] (CrashPlan)
S4 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2009-04-28] (Creative Labs)
S3 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2008-07-27] (Creative Technology Ltd)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
S4 FAService; C:\Program Files\Sensible Vision\Fast Access\FAService.exe [2412728 2011-04-23] (Sensible Vision )
S4 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [455944 2010-05-14] ()
S4 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-12] (Ellora Assets Corp.)
S2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
S4 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
S4 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91392 2009-11-09] ()
S3 PCPitstop Scheduling; C:\Program Files\Total Defense\PCPitstopScheduleService.exe [86656 2013-01-24] (PC Pitstop LLC)
S3 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SupportDockService.exe; C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [78336 2012-08-07] (iYogi Technical Services)
S2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [97544 2014-03-25] (CYREN Inc.)
S2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [97544 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [142600 2014-03-25] (CYREN Inc.)
S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S4 WefiEngSvc; C:\Program Files\WeFi\WefiEngSvc.exe [120152 2010-09-06] (WeFi)
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
S3 sprtsvc_dellsupportcenter; No ImagePath
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 15699; C:\Windows\System32\DRIVERS\15699 [9072 2013-09-23] ()
S3 19566; C:\Windows\System32\DRIVERS\19566 [9072 2013-09-23] ()
S3 30677; C:\Windows\System32\DRIVERS\30677 [9072 2013-09-23] ()
S3 31352; C:\Windows\System32\DRIVERS\31352 [9072 2013-09-24] ()
S3 31506; C:\Windows\System32\DRIVERS\31506 [9072 2013-09-23] ()
S3 32021; C:\Windows\System32\DRIVERS\32021 [9072 2013-09-23] ()
S2 AMP; C:\Windows\system32\Drivers\amp.sys [139528 2014-03-25] (CYREN Inc.)
S2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1386760 2014-03-25] (CYREN Inc.)
S3 AVerBDA6x; C:\Windows\System32\DRIVERS\AVerBDA716x.sys [932864 2008-07-29] (AVerMedia TECHNOLOGIES, Inc.)
S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14656 2008-04-27] ()
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-09-18] (EldoS Corporation)
S3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [232832 2008-09-24] (Sensible Vision )
S1 FileDisk; C:\Windows\System32\Drivers\FileDisk.sys [9341 2014-08-12] (iolo technologies, LLC (based on original work by Bo Brantén))
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [36040 2013-01-10] (AnchorFree Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
S2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 OA003Ufd; C:\Windows\System32\DRIVERS\OA003Ufd.sys [144672 2008-07-29] (Creative Technology Ltd.)
S3 OA003Vid; C:\Windows\System32\DRIVERS\OA003Vid.sys [268736 2008-07-29] (Creative Technology Ltd.)
S2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2014-08-12] (Raxco Software, Inc.)
S1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-08-12] (EldoS Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-01-10] (Anchorfree Inc.)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2014-07-30] (Windows (R) Win 7 DDK provider)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-21] ()
S1 bpxutwlc; \??\C:\Windows\system32\drivers\bpxutwlc.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kkduspht; \??\C:\Windows\system32\drivers\kkduspht.sys [X]
S3 NetgearUDSTcpBus; System32\Drivers\NetgearUDSTcpBus.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-27 09:14 - 2014-10-27 09:14 - 00000000 ____D () C:\FRST
2014-10-26 15:34 - 2014-10-26 15:34 - 00000000 __SHD () C:\found.010
2014-10-21 10:44 - 2014-10-21 10:44 - 00034808 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-10-21 10:44 - 2014-10-21 10:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-21 10:42 - 2014-10-21 10:42 - 00015028 _____ () C:\Users\Lashley Home\Documents\DDS 10-21-14.txt
2014-10-21 10:42 - 2014-10-21 10:42 - 00011744 _____ () C:\Users\Lashley Home\Documents\Attach 10-21-14.txt
2014-10-21 10:39 - 2014-10-21 10:39 - 15725144 _____ () C:\Users\Lashley Home\Downloads\RogueKiller.exe
2014-10-21 10:28 - 2014-10-21 10:28 - 00011744 _____ () C:\Users\Lashley Home\Desktop\attach.txt
2014-10-21 10:28 - 2014-10-21 10:27 - 00015028 _____ () C:\Users\Lashley Home\Desktop\dds.txt
2014-10-21 09:48 - 2014-10-21 09:48 - 00688992 ____R (Swearware) C:\Users\Lashley Home\Downloads\dds.com
2014-10-21 08:47 - 2014-10-21 08:47 - 00000385 _____ () C:\10-21-2014 Malware Database.txt
2014-10-21 08:47 - 2014-10-21 08:47 - 00000385 _____ () C:\10-21-2014 malware database 2.txt
2014-10-21 08:46 - 2014-10-21 08:46 - 00000385 _____ () C:\Users\Lashley Home\Desktop\10-21-2014 rootkit database.txt
2014-10-21 08:35 - 2014-10-21 08:35 - 00012991 ____H () C:\Users\Lashley Home\Documents\~WRL0005.tmp
2014-10-19 19:45 - 2014-10-19 19:46 - 06808688 _____ (ParetoLogic, Inc.) C:\Users\Lashley Home\Downloads\RegCureProSetup (1).exe
2014-10-19 18:56 - 2014-10-20 17:07 - 00002910 _____ () C:\Windows\PFRO.log
2014-10-16 22:32 - 2014-10-24 06:19 - 00155050 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 22:31 - 2014-10-24 20:32 - 00000408 _____ () C:\Windows\System32\iolo.ini
2014-10-16 01:18 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2014-10-16 01:18 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2014-10-16 01:18 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2014-10-16 01:12 - 2014-09-27 15:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-10-16 01:11 - 2014-09-04 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys
2014-10-16 01:03 - 2014-09-16 08:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-15 22:45 - 2014-09-19 14:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-15 22:45 - 2014-09-19 14:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-15 22:45 - 2014-09-19 14:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-15 22:45 - 2014-09-19 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-15 22:45 - 2014-09-19 14:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-15 22:45 - 2014-09-19 14:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-15 22:45 - 2014-09-19 14:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-10-15 22:45 - 2014-09-19 14:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-10-15 22:45 - 2014-09-19 14:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-10-15 22:45 - 2014-09-19 14:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-15 22:45 - 2014-09-19 14:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-10-15 22:45 - 2014-09-19 14:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-15 22:45 - 2014-09-19 14:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-10-15 22:45 - 2014-09-19 14:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-10-15 22:45 - 2014-09-19 14:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-10-15 22:45 - 2014-09-19 14:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-10-15 22:45 - 2014-09-19 14:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-15 22:45 - 2014-09-19 14:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-15 22:45 - 2014-09-19 14:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-10-15 22:45 - 2014-09-19 14:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-10-15 22:45 - 2014-09-19 14:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-10-15 12:17 - 2014-10-15 12:18 - 00000000 ____D () C:\Users\Lashley Home\Documents\Mom's TextMessages Exported Oct 15 2014
2014-10-15 11:08 - 2014-10-15 11:08 - 00004602 _____ () C:\Users\Lashley Home\Downloads\download.CSV
2014-10-07 18:32 - 2014-10-07 23:51 - 00000000 __SHD () C:\found.009
2014-10-01 12:44 - 2014-10-01 16:58 - 00000000 __SHD () C:\found.008
2014-09-27 11:59 - 2014-09-27 12:01 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-26 16:14 - 2006-11-02 04:47 - 00436960 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-26 14:44 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\winevt
2014-10-24 20:36 - 2014-08-27 21:55 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-10-24 20:32 - 2014-08-31 01:17 - 00000392 _____ () C:\Windows\System32\iolo.ini.txt
2014-10-24 20:32 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 20:32 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 20:32 - 2006-11-02 04:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-23 10:06 - 2006-11-02 02:33 - 00777676 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-22 19:57 - 2011-05-10 09:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-22 16:08 - 2011-01-19 16:47 - 00000000 ____D () C:\Users\Lashley Home\AppData\Roaming\TuneUpMedia
2014-10-21 09:27 - 2014-08-27 22:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-10-21 09:25 - 2014-09-08 18:16 - 00008192 _____ () C:\Windows\System32\WDPABKP.dat
2014-10-21 08:40 - 2014-09-13 19:35 - 00000000 ____D () C:\Users\Lashley Home\AppData\Local\iLivid
2014-10-20 17:13 - 2012-09-23 11:48 - 00000000 ____D () C:\Program Files\CrashPlan
2014-10-19 12:08 - 2014-08-28 10:49 - 00000000 ____D () C:\Windows\System32\config\SM Registry Backup
2014-10-18 02:07 - 2009-09-19 20:19 - 00017312 _____ () C:\Users\Lashley Home\AppData\Roaming\wklnhst.dat
2014-10-16 22:26 - 2013-05-26 13:20 - 00000000 ____D () C:\Users\Lashley Home\Documents\registry backups
2014-10-16 22:19 - 2010-04-21 21:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-16 10:59 - 2009-04-28 10:17 - 00004268 _____ () C:\Windows\bthservsdp.dat
2014-10-16 02:18 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 01:23 - 2010-01-19 17:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 09:59 - 2011-01-19 16:47 - 00000000 ____D () C:\ProgramData\TuneUpMedia
2014-10-10 04:44 - 2010-04-21 21:35 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-10-01 12:34 - 2010-05-24 02:19 - 00001356 _____ () C:\Users\Lashley Home\AppData\Local\d3d9caps.dat
2014-10-01 11:51 - 2011-10-18 18:58 - 00000000 ____D () C:\Users\Lashley Home\Documents\My Scans
2014-10-01 06:44 - 2014-08-27 19:24 - 00000000 ____D () C:\ProgramData\iolo
2014-09-29 13:00 - 2010-01-11 19:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-27 12:01 - 2014-08-12 03:43 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-27 12:01 - 2010-02-28 17:10 - 00000000 ____D () C:\Program Files\iTunes
2014-09-27 11:59 - 2010-01-15 20:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-27 10:58 - 2009-08-23 12:39 - 00000000 ____D () C:\users\Lashley Home
Files to move or delete:
====================
C:\ProgramData\hash.dat

Some content of TEMP:
====================
C:\Users\Lashley Home\AppData\Local\Temp\dllnt_dump.dll

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3996.32 MB
Available physical RAM: 3392.73 MB
Total Pagefile: 3709.01 MB
Available Pagefile: 3495.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.48 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:3.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:3.13 GB) NTFS
Drive f: (VISTA_SP1_HOMEPREMIUM) (CDROM) (Total:3.33 GB) (Free:0 GB) UDF
Drive g: (DISKGO) (Removable) (Total:31.23 GB) (Free:29.16 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F4080ECE)
Partition 1: (Not Active) - (Size=39 MB) - (Type=06)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 31.3 GB) (Disk ID: 0812635C)
Partition 1: (Active) - (Size=31.2 GB) - (Type=0C)

LastRegBack: 2014-10-26 16:34
==================== End Of Log ============================
 
We do have some infection there and we also have one system file missing.
Both could cause a booting issue.

Re-run FRST again.
Type the following in the edit box after "Search Files:".

rpcss.dll

Click the Search button and post the log it makes (Search.txt) in your reply.
 
Farbar Recovery Scan Tool (x86) Version: 27-10-2014
Ran by SYSTEM at 2014-10-27 18:00:39
Running from G:\
Boot Mode: Recovery
================== Search: "rpcss.dll" ===================
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009-08-24 15:12][2009-04-10 22:28] 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009-08-23 12:44][2009-03-02 20:32] 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2009-08-23 12:44][2009-03-02 20:39] 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-01-20 18:24][2008-01-20 18:24] 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2009-08-23 12:44][2009-03-02 20:17] 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009-08-23 12:44][2009-03-02 20:19] 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE
X:\Windows\System32\rpcss.dll
[2008-01-18 21:49][2008-01-18 23:36] 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C
=== End Of Search ===
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

See if you can boot normally.
 

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-10-2014
Ran by SYSTEM at 2014-10-27 18:48:33 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll C:\Windows\System32\rpcss.dll
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [FAStartup] => [X]
GroupPolicyUsers\S-1-5-21-1298243350-4168526417-2768172632-1001\User: Group Policy restriction detected <======= ATTENTION
S3 sprtsvc_dellsupportcenter; No ImagePath
S1 bpxutwlc; \??\C:\Windows\system32\drivers\bpxutwlc.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kkduspht; \??\C:\Windows\system32\drivers\kkduspht.sys [X]
S3 NetgearUDSTcpBus; System32\Drivers\NetgearUDSTcpBus.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\ProgramData\hash.dat
C:\Users\Lashley Home\AppData\Local\Temp\dllnt_dump.dll
*****************
Could not find C:\Windows\System32\rpcss.dll
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup => value deleted successfully.
C:\Windows\System32\GroupPolicyUsers\S-1-5-21-1298243350-4168526417-2768172632-1001\User => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
sprtsvc_dellsupportcenter => Service deleted successfully.
bpxutwlc => Service deleted successfully.
IpInIp => Service deleted successfully.
kkduspht => Service deleted successfully.
NetgearUDSTcpBus => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Lashley Home\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
==== End of Fixlog ====
 
No more black screen instead of the login screen. Can you help me figure out what was causing the other issue that I originally was having?
 
I assume you were able to boot normally?

If so, we need to run more scans because your computer was (is) seriously infected.

Re-run MBAM and post a fresh log, and then follow my reply #7.
 
Yup, I am running those now! (y) Yup, I am replying to you from my all-in-one Dell desktop that I originally started out using... Oh, I appreciate what you're doing. Like I said, I wish I could send more...
 