Virus removed still have after effects


27 replies to this topic

#1 IH.MY.PC

IH.MY.PC

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 AM

Posted 19 October 2012 - 06:59 AM

Had either S.M.A.R.T. HDD or Windows 7 Recovery Virus. Managed to remove virus but start menu folders are empty. Ran UNHIDE.EXE to bring them back and they are there until restart and they are empty again. Don't know what else to do.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:12 AM

Posted 19 October 2012 - 07:27 AM

If you have a restore point, try this to restore your startmenu programs

Right click on your startmenu - properties

Check mark

store and display recently opened programs
store and display recently items


Click on customize

Click on Use default settings at the bottom, click ok and apply

Now go to

c:\ProgramData\Microsoft\Windows

right click on startmenu folder, click on restore previous versions

Now select a snapshot before you were infected by the rogue, click on restore

You should get back the startmenu programs.

Check for rogue folders in startmenu after restore. You can delete them manually.

good luck

#3 IH.MY.PC


Posted 19 October 2012 - 08:38 AM

That did not work, it said I had to have permission to perform this action. All the folders have little locks next to them. I am the only user on this computer and I am the administrator so I don't understand that at all. This is driving me crazy. I have been working on it for a week.

#4 narenxp


Posted 19 October 2012 - 08:56 AM

Press Windows+R key and type

%temp% and click ok

Do you have a folder called SMTMP?

#5 IH.MY.PC


Posted 19 October 2012 - 09:05 AM

No I do not see one there.

#6 narenxp


Posted 19 October 2012 - 09:08 AM

Try a system restore to a point before you were infected. We could check for malware after restoring the startmenu programs.

#7 IH.MY.PC


Posted 19 October 2012 - 09:50 AM

Already did a system restore to no avail. What I can understand is unhide.exe will restore them all until I do a reboot. I have run all the virus and malware programs I can find and there is no longer an infection. Do you think it could be a leftover registry entry issue?

On the system restore I went back as far as possible. So I am at a loss.

#8 narenxp


Posted 19 October 2012 - 09:54 AM

"What I can understand is unhide.exe will restore them all until I do a reboot"


Can you explain this?

Do you say that UNHIDE is able to restore it but it goes missing again after reboot?

UNHIDE tool can only unhide the files. It cannot restore the startmenu programs.

#9 IH.MY.PC


Posted 19 October 2012 - 10:08 AM

Yes, when I run unhide the start folders show the contents, then when I reboot the start folders say (empty) under them until I run unhide again.

Don't know if this is related but when I go to the folders for those programs under My Computer and check their properties they don't have a check mark in read only, they have a blue block, no check.

But yes, when I run unhide startmenu folders show their contents and work.

Edited by IH.MY.PC, 19 October 2012 - 10:09 AM.
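
Added example, not part of any post in this thread: a read-only PowerShell check of the things the posts above ask about, namely whether %temp%\smtmp exists, which Start Menu items currently carry the Hidden attribute, and who owns the Start Menu folders. The per-user Start Menu path and the function name Get-HiddenStartMenuItem are assumptions of this example.

```powershell
# Added example: read-only diagnostic, nothing on disk is modified.
# Start Menu roots: the all-users folder named in post #2, plus the per-user
# one (assumption: default Windows 7 profile layout).
$startMenus = @(
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu')
)

# Hypothetical helper: list every item under the given roots that has the
# Hidden attribute set.
function Get-HiddenStartMenuItem {
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force is required, otherwise hidden items are not enumerated at all.
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                ($_.Name -ne 'desktop.ini')   # hidden by design, not a symptom
            } |
            Select-Object FullName, Attributes, LastWriteTime
    }
}

# 1. The folder asked about in post #4.
$smtmp = Join-Path $env:TEMP 'smtmp'
"smtmp present: {0}" -f (Test-Path -LiteralPath $smtmp)

# 2. Items hidden right now. Run once straight after UNHIDE and once after
#    the next reboot, then compare the two lists.
$hidden = @(Get-HiddenStartMenuItem -Path $startMenus)
"hidden Start Menu items: {0}" -f $hidden.Count
$hidden | Format-Table -AutoSize

# 3. Owner and access entries of each root, for the permission error in post #3.
foreach ($root in $startMenus) {
    if (Test-Path -LiteralPath $root) {
        $acl = Get-Acl -Path $root
        "{0}  owner: {1}" -f $root, $acl.Owner
        $acl.Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType |
            Format-Table -AutoSize
    }
}
```

If the hidden count is zero after UNHIDE and non-zero after a reboot, something is re-applying the attribute at startup; if it stays zero while the folders still show (empty), the shortcuts themselves are missing rather than hidden.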


#10 narenxp


Posted 19 October 2012 - 10:10 AM

Let's run some scans to make sure system is clean

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safemode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#11 IH.MY.PC


Posted 19 October 2012 - 01:22 PM

Here is the information you asked for:


13:19:44.0286 4824 ================ Scan global ===============================
13:19:44.0311 4824 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:19:44.0334 4824 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:19:44.0343 4824 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:19:44.0374 4824 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:19:44.0397 4824 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:19:44.0401 4824 [Global] - ok
13:19:44.0402 4824 ================ Scan MBR ==================================
13:19:44.0419 4824 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:19:44.0670 4824 \Device\Harddisk0\DR0 - ok
13:19:44.0670 4824 ================ Scan VBR ==================================
13:19:44.0672 4824 [ 07BE7E762A90AB95D90C2305411AB237 ] \Device\Harddisk0\DR0\Partition1
13:19:44.0673 4824 \Device\Harddisk0\DR0\Partition1 - ok
13:19:44.0702 4824 [ 84CB1F17F73ECA442EC32E20B2F381D9 ] \Device\Harddisk0\DR0\Partition2
13:19:44.0704 4824 \Device\Harddisk0\DR0\Partition2 - ok
13:19:44.0704 4824 ============================================================
13:19:44.0704 4824 Scan finished
13:19:44.0704 4824 ============================================================
13:19:44.0715 4524 Detected object count: 0
13:19:44.0715 4524 Actual detected object count: 0
13:22:00.0854 3256 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-19 13:38:38
-----------------------------
13:38:38.521 OS Version: Windows x64 6.1.7601 Service Pack 1
13:38:38.521 Number of processors: 4 586 0x2A07
13:38:38.522 ComputerName: DESKTOP1-PC UserName: Desktop1
13:38:40.051 Initialize success
13:38:40.108 AVAST engine defs: 12101900
13:38:48.913 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:38:48.916 Disk 0 Vendor: WDC_WD10EALX-759BA1 19.01H19 Size: 953869MB BusType: 3
13:38:48.940 Disk 0 MBR read successfully
13:38:48.942 Disk 0 MBR scan
13:38:48.944 Disk 0 Windows VISTA default MBR code
13:38:48.952 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
13:38:48.958 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
13:38:48.973 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938662 MB offset 31141888
13:38:49.008 Disk 0 scanning C:\Windows\system32\drivers
13:38:54.581 Service scanning
13:39:03.666 Modules scanning
13:39:03.677 Disk 0 trace - called modules:
13:39:03.705 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
13:39:03.711 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800656f060]
13:39:03.718 3 CLASSPNP.SYS[fffff880018a043f] -> nt!IofCallDriver -> [0xfffffa80062c49b0]
13:39:03.727 5 ACPI.sys[fffff88000f867a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80062c9060]
13:39:04.934 AVAST engine scan C:\Windows
13:39:07.568 AVAST engine scan C:\Windows\system32
13:40:29.225 AVAST engine scan C:\Windows\system32\drivers
13:40:34.467 AVAST engine scan C:\Users\Desktop1
13:42:08.982 AVAST engine scan C:\ProgramData
13:42:27.426 Scan finished successfully
13:45:00.998 Disk 0 MBR has been saved successfully to "C:\Users\Desktop1\Desktop\MBR.dat"
13:45:01.002 The log file has been saved successfully to "C:\Users\Desktop1\Desktop\aswMBR.txt"


The ESET scanner said no threats found

#12 narenxp


Posted 19 October 2012 - 01:27 PM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7 right click on the tool and select run as administrator

After scan gets completed, post the generated log here.

#13 IH.MY.PC


Posted 19 October 2012 - 01:35 PM

I will do that a.s.a.p. I am just out of time for right now. Is that O.K?

#14 narenxp


Posted 19 October 2012 - 01:40 PM

:thumbup2:

#15 IH.MY.PC


Posted 20 October 2012 - 06:54 PM

Here are the results. The last scan would not run.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.20.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Desktop1 :: DESKTOP1-PC [administrator]

10/20/2012 6:52:56 PM
mbam-log-2012-10-20 (18-52-56).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328098
Time elapsed: 36 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by Desktop1 (administrator) on 20-10-2012 at 18:54:18
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Dell Wireless 1502 802.11b/g/n = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.1.1 publish=Yes
add address name="Local Area Connection" address=192.168.1.106 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Desktop1-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : Dell Wireless 1502 802.11b/g/n
Physical Address. . . . . . . . . : 38-59-F9-41-39-F4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6986:debd:cf22:e426%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, October 20, 2012 6:50:20 PM
Lease Expires . . . . . . . . . . : Sunday, October 21, 2012 6:50:20 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 238574073
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-13-EE-79-F0-4D-A2-FA-7C-FC
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F0-4D-A2-FA-7C-FC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B22FA4FE-E6A9-47EB-B970-8FDBD93FA7DD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 2607:f8b0:4006:800::1004
74.125.226.227
74.125.226.228
74.125.226.232
74.125.226.233
74.125.226.226
74.125.226.225
74.125.226.238
74.125.226.230
74.125.226.229
74.125.226.231
74.125.226.224


Pinging google.com [74.125.226.229] with 32 bytes of data:
Reply from 74.125.226.229: bytes=32 time=24ms TTL=53
Reply from 74.125.226.229: bytes=32 time=24ms TTL=53

Ping statistics for 74.125.226.229:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 24ms, Average = 24ms
Server: cdns02.comcast.net
Address: 75.75.76.76

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=173ms TTL=50
Reply from 98.139.183.24: bytes=32 time=111ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 111ms, Maximum = 173ms, Average = 142ms
Server: cdns02.comcast.net
Address: 75.75.76.76

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...38 59 f9 41 39 f4 ......Dell Wireless 1502 802.11b/g/n
11...f0 4d a2 fa 7c fc ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 281
192.168.1.103 255.255.255.255 On-link 192.168.1.103 281
192.168.1.255 255.255.255.255 On-link 192.168.1.103 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::6986:debd:cf22:e426/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/20/2012 06:50:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 02:21:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2012 02:21:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2012 01:47:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2012 01:47:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2012 09:31:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16450, time stamp: 0x503723f6
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc00000fd
Fault offset: 0x0003a6c7
Faulting process id: 0x3a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/19/2012 09:23:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 09:06:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 07:07:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 06:52:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/20/2012 06:48:46 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (10/19/2012 00:59:04 PM) (Source: DCOM) (User: Desktop1-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Desktop1-PCDesktop1S-1-5-21-1746446590-2693402077-1048777437-1001LocalHost (Using LRPC)

Error: (10/19/2012 00:59:04 PM) (Source: DCOM) (User: Desktop1-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Desktop1-PCDesktop1S-1-5-21-1746446590-2693402077-1048777437-1001LocalHost (Using LRPC)

Error: (10/19/2012 00:46:00 PM) (Source: DCOM) (User: Desktop1-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Desktop1-PCDesktop1S-1-5-21-1746446590-2693402077-1048777437-1001LocalHost (Using LRPC)

Error: (10/19/2012 00:46:00 PM) (Source: DCOM) (User: Desktop1-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Desktop1-PCDesktop1S-1-5-21-1746446590-2693402077-1048777437-1001LocalHost (Using LRPC)

Error: (10/19/2012 00:14:21 PM) (Source: DCOM) (User: Desktop1-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Desktop1-PCDesktop1S-1-5-21-1746446590-2693402077-1048777437-1001LocalHost (Using LRPC)

Error: (10/19/2012 00:14:21 PM) (Source: DCOM) (User: Desktop1-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Desktop1-PCDesktop1S-1-5-21-1746446590-2693402077-1048777437-1001LocalHost (Using LRPC)

Error: (10/19/2012 00:03:13 PM) (Source: DCOM) (User: Desktop1-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Desktop1-PCDesktop1S-1-5-21-1746446590-2693402077-1048777437-1001LocalHost (Using LRPC)

Error: (10/19/2012 00:03:13 PM) (Source: DCOM) (User: Desktop1-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Desktop1-PCDesktop1S-1-5-21-1746446590-2693402077-1048777437-1001LocalHost (Using LRPC)

Error: (10/19/2012 11:13:28 AM) (Source: DCOM) (User: Desktop1-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Desktop1-PCDesktop1S-1-5-21-1746446590-2693402077-1048777437-1001LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (10/20/2012 06:50:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 02:21:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Desktop1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1X15DLF\esetsmartinstaller_enu.exe

Error: (10/19/2012 02:21:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Desktop1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1X15DLF\esetsmartinstaller_enu.exe

Error: (10/19/2012 01:47:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Desktop1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1X15DLF\esetsmartinstaller_enu.exe

Error: (10/19/2012 01:47:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Desktop1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1X15DLF\esetsmartinstaller_enu.exe

Error: (10/19/2012 09:31:29 AM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.16450503723f6ntdll.dll6.1.7601.177254ec49b8fc00000fd0003a6c73a001cdadfe09cef100C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll493bdfba-19f1-11e2-b312-f04da2fa7cfc

Error: (10/19/2012 09:23:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 09:06:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 07:07:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 06:52:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

ABBYY FineReader 11 (Version: 11.0.275)
Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
avast! Free Antivirus (Version: 7.0.1466.0)
Avery Wizard 4.0 (Version: 4.0.103)
Blio (Version: 2.3.7140)
CCleaner (Version: 3.23)
Conexant HD Audio (Version: 8.50.4.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.11)
Dell Edoc Viewer (Version: 1.0.0)
DirectX 9 Runtime (Version: 1.00.0000)
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
Intel® Processor Graphics (Version: 8.15.10.2291)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
Lackner Pa InheriTax v7 (Version: 7.0.144)
LANDEX Remote (Version: 3.3.3)
LogMeIn (Version: 4.1.2138)
LogMeIn (Version: 4.1.2504)
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Web Publishing Wizard 1.52
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PhotoShowExpress (Version: 2.0.063)
PlayReady PC Runtime x86 (Version: 1.3.0)
QualxServ Service Agreement (Version: 2.0.0)
RBVirtualFolder64Inst (Version: 1.00.0000)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Shared C Run-time for x64 (Version: 10.0.0)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
swMSM (Version: 12.0.0.1)
The Print Shop 21 (Version: 21.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WD SmartWare (Version: 1.4.2.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Xerox Phaser 6180MFP Utilities Ver.1.2.0.0 (Version: 1.2.0.0)
Xerox PrintingScout (Version: )
Zinio Reader 4 (Version: 4.2.4164)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 6056.63 MB
Available physical RAM: 4244.52 MB
Total Pagefile: 12111.45 MB
Available Pagefile: 10054.42 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.2 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:871.89 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP1-PC

Administrator ASPNET Desktop1
Guest

========================= Restore Points ==================================

18-10-2012 12:25:08 Scheduled Checkpoint
19-10-2012 13:14:20 avast! Free Antivirus Setup
19-10-2012 13:25:35 avast! Free Antivirus Setup

**** End of log ****

Farbar Service Scanner Version: 19-10-2012
Ran by Desktop1 (administrator) on 20-10-2012 at 18:56:43
Running from "C:\Users\Desktop1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W4FQGHR"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.005 - Logfile created 10/20/2012 at 19:43:22
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Desktop1 - DESKTOP1-PC
# Boot Mode : Normal
# Running from : C:\Users\Desktop1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1X15DLF\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [935 octets] - [20/10/2012 19:43:22]

########## EOF - C:\AdwCleaner[S1].txt - [994 octets] ##########

Junkware Removal Tool won't run. I disabled avast but it still would not run.



