
Problems with Browsers not starting


  • This topic is locked
4 replies to this topic

#1 crASHed


Posted 23 November 2012 - 08:50 PM

Hello,

Suddenly, I am no longer able to open any web browsers and in the ones that are still open, I can no longer reach a website. This is a new problem. This issue disappears for a little while once I restart the computer. Thank you for your help.

crASHed

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_23
Run by Flo at 19:43:23 on 2012-11-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5549 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Flo\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\SpywareGuard\sgbhp.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Flo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.charter.net/
uURLSearchHooks: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll
TB: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Amazon Cloud Drive] C:\Users\Flo\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Flo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Flo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 24.177.176.38 71.92.29.130 24.217.201.67
TCP: Interfaces\{2FA8D418-BE55-4EF9-B7CF-0A1C03F0A0BC} : DHCPNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
TCP: Interfaces\{2FA8D418-BE55-4EF9-B7CF-0A1C03F0A0BC}\E6564777F627B6 : DHCPNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\afl4doc2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\Flo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-10-31 07:45; mwaddonclient@mwaddon.com; C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\afl4doc2.default\extensions\mwaddonclient@mwaddon.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.zonealarm.autoRvrt - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112495956482175-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=08fb23e0000000000000ac811277425a&q=
FF - user.js: extensions.zonealarm.id - 08fb23e0000000000000ac811277425a
FF - user.js: extensions.zonealarm.instlDay - 15437
FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3
FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.312:18:08
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1600
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN112495956482175-1600
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-7-21 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-7-21 38016]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-4-7 27760]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-21 203264]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-7 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-7 110032]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-13 792512]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-4-7 98848]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-3-16 33672]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-3-16 827520]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-7-21 1127448]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-18 1153368]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-7-21 1041760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-21 412776]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-7-21 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2012-2-24 2000760]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-10-9 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-10-9 13280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-23 23:24:04 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B586AF84-D393-4B93-B11C-4413BE2C2345}\mpengine.dll
2012-11-19 22:22:46 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-15 09:07:26 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 09:07:26 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 09:07:26 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 09:07:26 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 10:52:58 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-10 04:33:07 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 04:33:07 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 19:44:00.82 ===============



#2 CatByte

  • Malware Response Team

Posted 24 November 2012 - 07:11 AM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 crASHed


Posted 26 November 2012 - 01:53 PM

Thank you. I want to add that I had forgotten that I still needed to do a restart to have Zone Alarm completed. I did what you told me to do, then did a restart and after this restart, Zone Alarm was fully functioning. So, I don't know if I should run the scan again, now that Zone Alarm is one of the programs.

Here is the scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 26-11-2012 12:42:44
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2782096 2010-07-25] (CANON INC.)
HKLM\...\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" [1127592 2012-11-02] (Check Point Software Technologies)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [393640 2011-11-30] ()
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1111432 2012-10-16] (Spigot, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73392 2012-11-19] (Check Point Software Technologies LTD)
HKU\Flo\...\Run: [Google Update] "C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-10] (Google Inc.)
HKU\Flo\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6065784 2012-04-27] (SlySoft, Inc.)
HKU\Flo\...\Run: [Amazon Cloud Drive] C:\Users\Flo\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe [646528 2012-11-12] ()
HKU\Flo\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17877168 2012-11-09] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 24.177.176.38 71.92.29.130 24.217.201.67
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Flo\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Flo\Start Menu\Programs\Startup\SpywareGuard.lnk
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files (x86)\SpywareGuard\sgmain.exe ()

==================== Services (Whitelisted) ===================

2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [827560 2012-11-02] (Check Point Software Technologies)
3 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [2000760 2012-02-24] (MediaMall Technologies, Inc.)
2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -service [2447440 2012-11-19] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) =====================

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-03-26] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138360 2012-03-26] (SlySoft, Inc.)
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-08] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-02] (Check Point Software Technologies)
3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2011-09-02] ()
1 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [450136 2012-11-01] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-26 09:39 - 2012-11-26 10:09 - 00000000 ____D C:\NEWHERFGIS
2012-11-24 14:21 - 2012-11-24 15:44 - 00026112 ____A C:\Users\Flo\Documents\Backup of Othello.wbk
2012-11-24 12:30 - 2012-11-24 12:30 - 00415815 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-11-24 12:30 - 2012-11-24 12:30 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2012-11-24 12:28 - 2012-11-24 12:28 - 02201896 ____A (Check Point Software Technologies LTD) C:\Users\Flo\Downloads\zafwSetupWeb_110_000_020.exe
2012-11-24 12:23 - 2012-11-24 12:23 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2012-11-24 12:23 - 2012-11-24 12:23 - 00000000 ____D C:\Program Files (x86)\Application Updater
2012-11-24 12:18 - 2012-11-24 12:18 - 00000000 ____D C:\Users\Flo\Documents\ForceField Shared Files
2012-11-23 17:44 - 2012-11-23 17:44 - 00023253 ____A C:\Users\Flo\Desktop\dds.txt
2012-11-23 17:44 - 2012-11-23 17:44 - 00008677 ____A C:\Users\Flo\Desktop\attach.txt
2012-11-23 17:42 - 2012-11-23 17:42 - 00688992 ____R (Swearware) C:\Users\Flo\Downloads\dds.com
2012-11-23 17:28 - 2012-11-23 17:28 - 01402880 ____A C:\Users\Flo\Downloads\HiJackThis.msi
2012-11-23 17:25 - 2012-11-23 17:25 - 00240092 ____A C:\Users\Flo\Downloads\Othello (German Edition).azw
2012-11-23 17:22 - 2012-11-23 17:22 - 00201084 ____A C:\Users\Flo\Downloads\Othello.azw
2012-11-23 17:22 - 2012-11-23 17:22 - 00201084 ____A C:\Users\Flo\Downloads\Othello (1).azw
2012-11-22 09:24 - 2012-11-22 09:24 - 00000352 ____A C:\Users\Flo\Desktop\walmart.txt
2012-11-19 14:24 - 2012-11-19 14:24 - 00002187 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-11-19 14:22 - 2012-11-19 14:22 - 00000000 ____D C:\Users\All Users\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-15 08:21 - 2012-11-15 08:21 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Avira
2012-11-15 08:15 - 2012-11-15 08:15 - 00000000 ____D C:\Users\Sabrina\Documents\ForceField Shared Files
2012-11-15 08:15 - 2012-11-15 08:15 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\CheckPoint
2012-11-15 01:07 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-15 01:07 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-15 01:07 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-15 01:07 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-15 01:02 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-15 01:02 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-15 01:02 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-15 01:02 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-15 01:02 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-15 01:02 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-15 01:02 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-15 01:02 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-15 01:02 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-15 01:02 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-15 01:02 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-15 01:01 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-15 01:01 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-15 01:01 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-15 01:01 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-15 01:01 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-15 01:01 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-15 01:01 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-15 01:01 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-15 01:01 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-15 01:01 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-15 01:01 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-15 01:01 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-15 01:01 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-15 01:01 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-15 01:01 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-15 01:01 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-15 01:01 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-15 01:01 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-15 01:01 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-15 01:01 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-15 01:01 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-15 01:01 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 01:01 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 01:01 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 01:01 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 01:01 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 01:01 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 01:01 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 01:01 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 02:52 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 02:52 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 02:52 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 02:52 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 02:52 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 02:52 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 02:52 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 02:52 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 02:52 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 02:52 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 02:52 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 02:52 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 02:52 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 02:52 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 02:52 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 02:52 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 02:52 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 02:52 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 02:52 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-12 08:46 - 2012-11-12 09:00 - 00000000 ____D C:\Users\Flo\Desktop\PICS u doc von leo 12112012
2012-11-10 08:52 - 2012-11-10 09:12 - 00026624 ____A C:\Users\Flo\Documents\Backup of shipman.wbk
2012-11-06 06:37 - 2012-11-06 06:37 - 00190780 ____A C:\Users\Flo\Downloads\pg3212.mobi
2012-11-05 18:52 - 2012-11-05 18:52 - 01964426 ____A C:\Users\Flo\Downloads\Unconfirmed 880901.crdownload
2012-11-05 18:52 - 2012-11-05 18:52 - 01964426 ____A C:\Users\Flo\Downloads\Unconfirmed 274897.crdownload
2012-11-04 16:49 - 2012-11-04 16:49 - 00273314 ____A C:\Users\Flo\Downloads\Verliebt (German Edition).azw
2012-11-04 16:44 - 2012-11-04 16:44 - 00340508 ____A C:\Users\Flo\Downloads\Berlin_ Thriller (Berlin 1) (German Edition).azw
2012-11-04 14:06 - 2012-11-04 14:29 - 00037376 ____A C:\Users\Flo\Downloads\Backup of H_Reality or Fiction.wbk
2012-11-03 12:20 - 2012-11-03 16:16 - 00026624 ____A C:\Users\Flo\Documents\Backup of The Knight's Tale Reading Journal.wbk
2012-11-03 12:20 - 2012-11-03 16:04 - 00026624 ____A C:\Users\Flo\Documents\~WRL3692.tmp
2012-11-03 12:20 - 2012-11-03 13:25 - 00026112 ____A C:\Users\Flo\Documents\~WRL0369.tmp
2012-11-03 12:20 - 2012-11-03 12:44 - 00025600 ____A C:\Users\Flo\Documents\~WRL2493.tmp
2012-11-02 13:15 - 2012-11-02 13:17 - 00069632 ____A C:\Users\Flo\Documents\Backup of Sabrina New Revised Chapter 1.wbk
2012-11-01 17:40 - 2012-11-01 17:40 - 00024064 ____A C:\Users\Flo\Documents\Backup of mama elephant.wbk
2012-11-01 13:31 - 2012-11-01 13:31 - 00450136 ____A (Check Point Software Technologies LTD) C:\Windows\System32\Drivers\vsdatant.sys


==================== One Month Modified Files and Folders =======

2012-11-26 10:37 - 2011-10-17 11:33 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Skype
2012-11-26 10:37 - 2011-10-08 16:49 - 01415763 ____A C:\Windows\WindowsUpdate.log
2012-11-26 10:37 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-26 10:37 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-26 10:33 - 2012-04-10 19:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-26 10:17 - 2011-12-10 13:52 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007133077-4100184563-4248207412-1000UA.job
2012-11-26 10:12 - 2012-08-29 17:52 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Dropbox
2012-11-26 10:10 - 2012-08-26 17:28 - 28583502 ____A C:\Users\Flo\Desktop\NEWHERFGIS.zip
2012-11-26 10:09 - 2012-11-26 09:39 - 00000000 ____D C:\NEWHERFGIS
2012-11-26 09:46 - 2012-07-06 14:25 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-26 08:17 - 2011-12-10 13:52 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007133077-4100184563-4248207412-1000Core.job
2012-11-26 07:46 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-26 06:54 - 2012-07-18 14:38 - 00000000 ____D C:\Users\Flo\Desktop\Books
2012-11-26 06:46 - 2012-07-06 14:25 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-25 05:05 - 2012-10-14 05:00 - 00000324 ____A C:\Windows\Tasks\HPCeeScheduleForFlo.job
2012-11-25 05:05 - 2011-10-09 12:11 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-11-25 05:05 - 2011-10-08 16:49 - 00000000 ____D C:\users\Flo
2012-11-25 05:04 - 2011-10-16 07:27 - 00000000 ____D C:\Users\Flo\AppData\Roaming\HpUpdate
2012-11-25 05:04 - 2011-10-16 07:27 - 00000000 ____D C:\Users\Flo\AppData\Roaming\HP Support Assistant
2012-11-24 18:36 - 2011-12-12 16:17 - 00000000 ____D C:\Users\Flo\AppData\Local\CrashDumps
2012-11-24 18:07 - 2009-07-13 20:51 - 00091632 ____A C:\Windows\setupact.log
2012-11-24 17:41 - 2012-08-29 17:55 - 00000000 ___RD C:\Users\Flo\Dropbox
2012-11-24 15:44 - 2012-11-24 14:21 - 00026112 ____A C:\Users\Flo\Documents\Backup of Othello.wbk
2012-11-24 12:30 - 2012-11-24 12:30 - 00415815 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-11-24 12:30 - 2012-11-24 12:30 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2012-11-24 12:28 - 2012-11-24 12:28 - 02201896 ____A (Check Point Software Technologies LTD) C:\Users\Flo\Downloads\zafwSetupWeb_110_000_020.exe
2012-11-24 12:23 - 2012-11-24 12:23 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2012-11-24 12:23 - 2012-11-24 12:23 - 00000000 ____D C:\Program Files (x86)\Application Updater
2012-11-24 12:18 - 2012-11-24 12:18 - 00000000 ____D C:\Users\Flo\Documents\ForceField Shared Files
2012-11-24 12:18 - 2011-07-21 00:30 - 00000000 ____D C:\Users\All Users\PDFC
2012-11-24 12:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-24 12:15 - 2012-05-18 14:40 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-24 12:15 - 2012-05-18 14:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-23 17:44 - 2012-11-23 17:44 - 00023253 ____A C:\Users\Flo\Desktop\dds.txt
2012-11-23 17:44 - 2012-11-23 17:44 - 00008677 ____A C:\Users\Flo\Desktop\attach.txt
2012-11-23 17:42 - 2012-11-23 17:42 - 00688992 ____R (Swearware) C:\Users\Flo\Downloads\dds.com
2012-11-23 17:28 - 2012-11-23 17:28 - 01402880 ____A C:\Users\Flo\Downloads\HiJackThis.msi
2012-11-23 17:25 - 2012-11-23 17:25 - 00240092 ____A C:\Users\Flo\Downloads\Othello (German Edition).azw
2012-11-23 17:22 - 2012-11-23 17:22 - 00201084 ____A C:\Users\Flo\Downloads\Othello.azw
2012-11-23 17:22 - 2012-11-23 17:22 - 00201084 ____A C:\Users\Flo\Downloads\Othello (1).azw
2012-11-23 10:38 - 2011-10-17 11:32 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-11-23 10:38 - 2011-10-17 11:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-11-23 10:38 - 2011-10-17 11:32 - 00000000 ____D C:\Users\All Users\Skype
2012-11-22 18:01 - 2012-05-10 08:53 - 00000000 ____D C:\Users\Flo\Desktop\New folder
2012-11-22 09:24 - 2012-11-22 09:24 - 00000352 ____A C:\Users\Flo\Desktop\walmart.txt
2012-11-22 08:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-11-19 14:28 - 2011-07-21 00:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-19 14:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-11-19 14:24 - 2012-11-19 14:24 - 00002187 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-11-19 14:24 - 2011-07-21 00:04 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-11-19 14:23 - 2012-02-06 14:51 - 00000000 ____D C:\Users\Flo\AppData\Roaming\hpqLog
2012-11-19 14:22 - 2012-11-19 14:22 - 00000000 ____D C:\Users\All Users\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-19 14:21 - 2011-02-10 14:39 - 00000000 ____D C:\swsetup
2012-11-15 11:18 - 2011-10-08 16:52 - 00063160 ____A C:\Users\Flo\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 08:21 - 2012-11-15 08:21 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Avira
2012-11-15 08:15 - 2012-11-15 08:15 - 00000000 ____D C:\Users\Sabrina\Documents\ForceField Shared Files
2012-11-15 08:15 - 2012-11-15 08:15 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\CheckPoint
2012-11-15 08:15 - 2011-10-09 05:56 - 00063160 ____A C:\Users\Sabrina\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 02:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-15 01:28 - 2009-07-13 20:45 - 00289120 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 01:26 - 2011-10-09 08:49 - 00000000 ____D C:\Users\All Users\CanonIJPLM
2012-11-12 09:00 - 2012-11-12 08:46 - 00000000 ____D C:\Users\Flo\Desktop\PICS u doc von leo 12112012
2012-11-10 09:12 - 2012-11-10 08:52 - 00026624 ____A C:\Users\Flo\Documents\Backup of shipman.wbk
2012-11-08 01:41 - 2012-05-10 19:40 - 00000000 ____D C:\Windows\Minidump
2012-11-08 01:41 - 2011-07-21 01:05 - 00285298 ____N C:\Windows\Minidump\110812-21434-01.dmp
2012-11-08 01:41 - 2010-11-20 19:47 - 00351020 ____A C:\Windows\PFRO.log
2012-11-07 13:18 - 2011-12-10 13:52 - 00002441 ____A C:\Users\Flo\Desktop\Google Chrome.lnk
2012-11-06 06:37 - 2012-11-06 06:37 - 00190780 ____A C:\Users\Flo\Downloads\pg3212.mobi
2012-11-05 18:52 - 2012-11-05 18:52 - 01964426 ____A C:\Users\Flo\Downloads\Unconfirmed 880901.crdownload
2012-11-05 18:52 - 2012-11-05 18:52 - 01964426 ____A C:\Users\Flo\Downloads\Unconfirmed 274897.crdownload
2012-11-04 16:49 - 2012-11-04 16:49 - 00273314 ____A C:\Users\Flo\Downloads\Verliebt (German Edition).azw
2012-11-04 16:44 - 2012-11-04 16:44 - 00340508 ____A C:\Users\Flo\Downloads\Berlin _ Thriller (Berlin 1) (German Edition).azw
2012-11-04 14:29 - 2012-11-04 14:06 - 00037376 ____A C:\Users\Flo\Downloads\Backup of H_Reality or Fiction.wbk
2012-11-04 05:07 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-11-04 04:39 - 2011-12-21 13:13 - 00000000 ____D C:\Users\Flo\AppData\Roaming\calibre
2012-11-03 16:16 - 2012-11-03 12:20 - 00026624 ____A C:\Users\Flo\Documents\Backup of The Knight's Tale Reading Journal.wbk
2012-11-03 16:04 - 2012-11-03 12:20 - 00026624 ____A C:\Users\Flo\Documents\~WRL3692.tmp
2012-11-03 13:25 - 2012-11-03 12:20 - 00026112 ____A C:\Users\Flo\Documents\~WRL0369.tmp
2012-11-03 12:44 - 2012-11-03 12:20 - 00025600 ____A C:\Users\Flo\Documents\~WRL2493.tmp
2012-11-02 13:17 - 2012-11-02 13:15 - 00069632 ____A C:\Users\Flo\Documents\Backup of Sabrina New Revised Chapter 1.wbk
2012-11-01 17:40 - 2012-11-01 17:40 - 00024064 ____A C:\Users\Flo\Documents\Backup of mama e.wbk
2012-11-01 13:31 - 2012-11-01 13:31 - 00450136 ____A (Check Point Software Technologies LTD) C:\Windows\System32\Drivers\vsdatant.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-13 07:44:16
Restore point made on: 2012-11-15 01:00:25
Restore point made on: 2012-11-19 14:23:25
Restore point made on: 2012-11-19 14:27:07
Restore point made on: 2012-11-19 14:28:05
Restore point made on: 2012-11-20 19:06:12
Restore point made on: 2012-11-23 17:04:41
Restore point made on: 2012-11-23 19:50:19

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 7935.29 MB
Available physical RAM: 6938.54 MB
Total Pagefile: 7933.48 MB
Available Pagefile: 6915.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:500.25 GB) (Free:436.79 GB) NTFS
2 Drive d: (Personal_Data) (Fixed) (Total:885.69 GB) (Free:715.43 GB) NTFS
3 Drive f: (HP_RECOVERY) (Fixed) (Total:11.22 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (KINGSTON) (Removable) (Total:3.73 GB) (Free:1.07 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
11 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1397 GB 0 B
Disk 1 Online 3823 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 500 GB 101 MB
Partition 0 Extended 885 GB 500 GB
Partition 4 Logical 885 GB 500 GB
Partition 3 Primary 11 GB 1386 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 500 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Personal_Da NTFS Partition 885 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_RECOVERY NTFS Partition 11 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT32 Removable 3823 MB Healthy

=========================================================

Last Boot: 2012-11-15 01:58

==================== End Of Log =============================

#4 CatByte

Posted 26 November 2012 - 07:24 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



NEXT


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

Posted 05 December 2012 - 07:37 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
