Infected with Trojan.Heur & No Browser Connection


  • This topic is locked
11 replies to this topic

#1 Ernde38

Posted 17 December 2012 - 03:41 AM

About a month or so ago, my computer started running really slow. I thought maybe it might just be an outdated add-on for Firefox (the browser I use), but I noticed that the slowness wasn't just happening when the browser was open. I leave my PC on when I go to bed, and noticed that when I would wake up, and then wake the computer up, it would take forever for the desktop to appear. It seemed to have cleared up about a week and a half ago. I just recently bought a used gaming steering wheel from a friend in Washington state. It came this past Tuesday. So I plugged it in, and installed the software and drivers, no problem. Then, I decided to run DriverMax and update the rest of my drivers. Once I restarted my computer, I found that my wireless adapter said I had a full connection, and excellent signal strength. When I opened Firefox however, it said "web page can not be displayed". I tried Internet Explorer, same deal. I ran every security scanning program I have, and Advanced SystemCare was the only one that found the Trojan. The weird thing is, it found it in my video drivers at the following location:
C:\NVIDIA\DisplayDriver\285.38\Winvista_Win7_64\English\setup.exe

I manually deleted the file. I still have no internet connection though. I've tried every trick I could think of, and find on the internet. Still no luck. I've come to the conclusion that I've had the Trojan for this last whole month or so, and the gaming wheel, and/or other driver updates, were enough to "move" the trojan and mess up my internet connection.

Here are my DDS logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by JASBY at 3:14:03 on 2012-12-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1832 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Aware *Enabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Advanced SystemCare Ultimate *Enabled/Outdated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={F4C762F3-2136-49FE-B3CF-73510895A63D}&mid=156649d04fb747d1a4082da790c8860c-4b4e6883f50edfbdd7ce80c085e1e141a89ee9aa&lang=en&ds=is015&pr=sa&d=2012-11-11 18:13:02&v=13.2.0.5&sap=hp
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
uURLSearchHooks: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - <orphaned>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120109215959.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1012.1\NativeBHO.dll
BHO: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - <orphaned>
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe" /AutoStart
uRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart
uRun: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
uRun: [Start WingMan Profiler] <no file>
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: Interfaces\{6EF95094-7CC0-456B-8E3B-02B3A8C4A1B4}\C696E6B6379737 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{E12600FE-B7AB-45E6-8C6B-C78CA7A32F26} : DHCPNameServer = 75.75.76.76 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
x64-mStart Page = hxxp://acer.msn.com
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20100826191604.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JASBY\AppData\Roaming\Mozilla\Firefox\Profiles\csuoojd2.default-1339414248216\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\JASBY\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\JASBY\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-23 22:27; idvaultaddin@whitesky; C:\Users\JASBY\AppData\Roaming\Mozilla\Firefox\Profiles\csuoojd2.default-1339414248216\extensions\idvaultaddin@whitesky
FF - ExtSQL: 2012-11-11 18:13; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5
FF - ExtSQL: 2012-11-27 13:23; wtxpcom@mybrowserbar.com; C:\Program Files (x86)\Common Files\Spigot\wtxpcom
FF - ExtSQL: 2012-11-27 13:23; ytd@mybrowserbar.com; C:\Program Files (x86)\YTD Toolbar\FF
FF - ExtSQL: 2012-11-27 23:12; {87934c42-161d-45bc-8cef-ef18abe2a30c}; C:\Users\JASBY\AppData\Roaming\Mozilla\Firefox\Profiles\csuoojd2.default-1339414248216\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-11-27 23:12; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\JASBY\AppData\Roaming\Mozilla\Firefox\Profiles\csuoojd2.default-1339414248216\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: 2012-12-05 04:44; ascsurfingprotection@iobit.com; C:\Users\JASBY\AppData\Roaming\Mozilla\Firefox\Profiles\csuoojd2.default-1339414248216\extensions\ascsurfingprotection@iobit.com
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2012-12-11 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2012-12-11 262656]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-11-27 14456]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 528232]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 279752]
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2012-6-10 157696]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-2-27 17720]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-10-9 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-10-9 1129120]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2012-12-11 132864]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-12-11 21136]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-9 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-9 370288]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-11 30568]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-10-9 167072]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\Windows\System32\drivers\NSTx64\0200000.010\ccSetx64.sys [2012-6-14 167048]
R1 GIDv2;GIDv2;C:\Windows\System32\drivers\gidv2.sys [2012-8-28 29288]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121211.002\IDSviA64.sys [2012-12-11 513184]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-1-5 75288]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-11-27 258848]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-1-9 57976]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-10-9 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys [2012-10-9 405624]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-11-21 1236368]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe [2012-12-5 1050496]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-11-28 793600]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe [2012-12-5 625536]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-9 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-9 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-10 44808]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-10-16 61552]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-11-19 821592]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-14 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-26 199032]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-26 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-26 148520]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe [2012-10-9 138272]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2012-6-14 138760]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-26 243232]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-11 711112]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2012-11-11 101504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-29 138912]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-11-19 21384]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2012-1-8 1254464]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-5 189880]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-5 440688]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-11-19 33224]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-11-27 120064]
R3 SBHIPS;SBHIPS;C:\Windows\System32\drivers\sbhips.sys [2012-11-27 61216]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-9-20 86816]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-11-19 21904]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\System32\drivers\whfltr2k.sys [2012-2-23 10368]
S2 0080951346212306mcinstcleanup;McAfee Application Installer Cleanup (0080951346212306); [x]
S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-12-11 133912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-1-5 62416]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-11-25 102368]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-1-9 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-12-2 35456]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-5 93840]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-11-27 120064]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-11-25 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-9 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-14 355440]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-17 05:26:08 -------- d-----w- C:\Program Files\HTC
2012-12-17 05:22:51 -------- d-----w- C:\Program Files (x86)\HTC
2012-12-17 05:21:01 -------- d-----w- C:\Temp
2012-12-15 09:46:55 -------- d-----w- C:\Users\JASBY\AppData\Local\Google
2012-12-15 09:36:30 -------- d-----w- C:\Program Files (x86)\WinMend
2012-12-14 04:07:09 -------- d-----w- C:\Program Files (x86)\Pure Networks
2012-12-14 04:04:14 33328 ----a-w- C:\Windows\System32\drivers\pnarp.sys
2012-12-14 04:04:05 35376 ----a-w- C:\Windows\System32\drivers\purendis.sys
2012-12-14 04:03:56 -------- d-----w- C:\Program Files (x86)\Common Files\Pure Networks Shared
2012-12-12 04:12:32 -------- d-----w- C:\Program Files (x86)\Common Files\Logitech
2012-12-12 04:11:26 53248 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2012-12-12 04:11:25 126976 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2012-12-12 04:11:21 114688 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2012-12-11 18:09:01 132864 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-12-11 18:08:10 262656 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-12-11 18:08:07 21136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-12-11 18:08:04 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2012-12-06 06:43:12 -------- d-----w- C:\Users\JASBY\AppData\Local\{4777FF03-DFC8-4A50-B397-5BB428C61D60}
2012-12-05 09:44:46 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-12-05 09:44:45 431176 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-12-05 09:44:31 -------- d-----w- C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2012-12-04 18:43:18 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2012-12-02 17:00:18 35456 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2012-12-02 01:17:23 261600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\components\browsercomps.dll
2012-12-02 01:17:22 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2012-12-02 01:17:22 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2012-12-02 01:17:22 128624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\CommonDotNET.dll
2012-11-28 19:28:47 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-28 19:28:47 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-28 19:28:02 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-28 19:28:02 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-28 19:28:02 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-28 19:28:02 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-28 19:28:02 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-28 19:28:01 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-28 19:28:01 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-28 19:26:12 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-28 19:26:12 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-28 19:26:12 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-28 19:26:12 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-28 19:13:29 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-28 19:05:26 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-28 19:05:25 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-28 19:05:25 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-28 19:05:25 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-28 19:03:54 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-11-28 19:03:54 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-11-28 19:03:53 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-28 19:03:53 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-11-28 19:03:53 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-11-28 19:03:52 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-11-28 19:03:52 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-11-28 19:03:52 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-11-28 19:03:52 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-11-28 19:03:51 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-11-28 19:03:51 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-11-28 19:03:51 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-11-28 04:26:38 61216 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-11-28 04:26:17 120064 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-11-28 04:26:16 258848 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-11-28 04:21:57 -------- d-----w- C:\Users\JASBY\AppData\Local\adawarebp
2012-11-28 04:21:10 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2012-11-28 04:18:53 -------- d-----w- C:\Users\JASBY\AppData\Roaming\LavasoftStatistics
2012-11-28 04:14:00 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2012-11-28 04:13:45 -------- d-----w- C:\ProgramData\Search Protection
2012-11-28 04:13:42 -------- d-----w- C:\ProgramData\blekko toolbars
2012-11-28 04:12:28 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-11-28 03:18:57 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2012-11-28 03:17:58 390424 ----a-w- C:\Windows\System32\xactengine2_5.dll
2012-11-28 03:12:38 -------- d--h--w- C:\Windows\msdownld.tmp
2012-11-28 03:12:33 -------- d-----w- C:\Windows\SysWow64\directx
2012-11-28 03:11:58 -------- d-----w- C:\Users\JASBY\AppData\Roaming\ts3overlay_hook_win64
2012-11-25 09:08:18 -------- d-----w- C:\ProgramData\YTD Video Downloader
2012-11-25 09:08:09 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2012-11-25 05:09:50 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-11-25 05:09:49 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-11-25 04:44:28 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2012-11-25 04:17:06 -------- d-----w- C:\Users\JASBY\AppData\Local\Samsung
2012-11-25 04:17:02 -------- d-----w- C:\Users\JASBY\AppData\Roaming\Samsung
2012-11-25 04:10:39 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-11-25 04:09:56 -------- d-----w- C:\Program Files (x86)\MarkAny
2012-11-25 04:08:04 -------- d-----w- C:\ProgramData\Samsung
2012-11-25 04:08:04 -------- d-----w- C:\Program Files (x86)\Samsung
2012-11-19 07:45:43 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2012-11-19 07:45:37 -------- d-----w- C:\ProgramData\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
.
==================== Find3M ====================
.
2012-12-12 04:03:08 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 04:03:08 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-28 19:29:48 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-11-28 19:29:48 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-11-28 19:29:48 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-11-28 19:15:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-28 19:15:32 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-28 19:15:31 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-28 19:15:30 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-28 19:15:29 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-28 19:15:29 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-28 19:15:27 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-28 19:15:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-28 19:15:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-28 19:15:26 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-28 19:15:23 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-28 19:15:23 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-11 23:40:55 12542472 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-11-11 23:40:18 15115376 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-11-11 23:12:31 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-29 03:09:26 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll
2012-10-25 03:59:42 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-10-25 03:59:42 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-10-25 03:59:42 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-10-25 03:59:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-10-25 03:59:42 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-10-25 03:59:41 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-10-25 03:59:41 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-10-25 03:59:39 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-10-25 03:59:38 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-10-25 03:58:38 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-25 03:58:38 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-25 03:56:46 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-25 03:56:45 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-25 03:56:45 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-25 03:56:44 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-25 03:56:44 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-25 03:56:44 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-25 03:54:24 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-25 03:54:23 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-25 03:51:36 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-10-25 03:51:36 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-10-25 03:50:30 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-10-25 03:50:30 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-10-25 03:50:28 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-10-25 03:50:27 67072 ----a-w- C:\Windows\splwow64.exe
2012-10-25 03:47:58 136704 ----a-w- C:\Windows\System32\browser.dll
2012-10-25 03:47:57 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-10-25 03:47:57 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-10-25 03:43:01 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-25 03:43:01 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-25 03:43:01 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-25 03:40:46 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-25 03:40:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-25 03:40:09 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-25 03:37:44 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-10-25 03:37:07 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-10-25 03:37:07 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-10-25 03:36:17 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-10-25 03:36:17 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-10-25 03:35:54 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-10-25 03:35:54 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-10-25 03:35:27 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-10-25 03:34:55 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-10-25 03:34:55 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-10-25 03:34:55 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-10-25 03:34:55 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-10-25 03:34:55 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-10-25 03:34:55 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-10-25 03:34:11 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-10-25 03:31:25 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-10-25 03:31:25 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-10-20 00:35:55 6222696 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-20 00:35:52 3310440 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-20 00:35:10 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-20 00:35:09 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-20 00:35:09 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-20 00:35:09 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-10-06 04:14:20 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-06 04:14:20 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 03:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 10:40:04 47496 ----a-w- C:\Windows\SysWow64\sbbd.exe
2012-09-20 10:40:04 47496 ----a-w- C:\Windows\System32\sbbd.exe
2012-09-20 10:11:58 86816 ----a-w- C:\Windows\System32\drivers\sbwtis.sys
2012-09-19 15:02:08 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2012-09-19 15:02:06 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
.
============= FINISH: 3:16:07.13 ===============



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:18 AM

Posted 18 December 2012 - 06:08 PM

Hello Ernde38,

Welcome to the forum.

Please refrain from doing any fix or making any changes to the system from now on until we are done unless you decide you can do the rest on your own. Thank you.

If you still have the issue, please update me on the current condition of the computer and do the following.

  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List installed programs.
    • List Devices (only check the box and leave the default radio button as it is).
    • List Restore Points.
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


#3 Ernde38

Ernde38
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:18 PM

Posted 19 December 2012 - 04:04 AM

Thanks for going out of your way to help, Farbar!

The PC condition has changed. Now I can't even connect to a network on my adapter. I'm typing in the right security key/password, but I still get the "Windows cannot connect at this time" error when I hit the connect button. Here are my logs:

Farbar Service Scanner Version: 10-12-2012
Ran by JASBY (administrator) on 19-12-2012 at 03:39:58
Running from "E:\"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 25-11-2012
Ran by JASBY (administrator) on 19-12-2012 at 03:54:09
Running from "E:\"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connecting)
Linksys AE2500 = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JASBY-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : C0-C1-C0-60-D6-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys AE2500
Physical Address. . . . . . . . . : C0-C1-C0-60-D6-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.pa.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
76...c0 c1 c0 60 d6 04 ......Microsoft Virtual WiFi Miniport Adapter
72...c0 c1 c0 60 d6 04 ......Linksys AE2500
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/19/2012 03:40:23 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/19/2012 03:40:23 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/19/2012 02:54:07 AM) (Source: Google Update) (User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 11:54:06 PM) (Source: Google Update) (User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 08:54:06 PM) (Source: Google Update) (User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 05:54:07 PM) (Source: Google Update) (User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 02:54:06 PM) (Source: Google Update) (User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 11:54:31 AM) (Source: Google Update) (User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 08:54:19 AM) (Source: Google Update) (User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 05:54:06 AM) (Source: Google Update) (User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80


System errors:
=============
Error: (12/19/2012 03:39:11 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (12/19/2012 03:39:10 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (12/19/2012 03:39:10 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (12/19/2012 03:39:09 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (12/18/2012 05:34:32 PM) (Source: DCOM) (User: )
Description: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}

Error: (12/18/2012 05:32:00 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
papycpu2
papyjoy

Error: (12/18/2012 05:30:02 PM) (Source: Service Control Manager) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%1053

Error: (12/18/2012 05:30:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the avast! Firewall service to connect.

Error: (12/18/2012 05:29:46 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:26:38 PM on 12/18/2012 was unexpected.

Error: (12/18/2012 05:28:44 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\papyjoy.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (12/19/2012 03:40:23 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/19/2012 03:40:23 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/19/2012 02:54:07 AM) (Source: Google Update)(User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 11:54:06 PM) (Source: Google Update)(User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 08:54:06 PM) (Source: Google Update)(User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 05:54:07 PM) (Source: Google Update)(User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 02:54:06 PM) (Source: Google Update)(User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 11:54:31 AM) (Source: Google Update)(User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 08:54:19 AM) (Source: Google Update)(User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 05:54:06 AM) (Source: Google Update)(User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
18 Wheels of Steel - American Long Haul (Version: 2.2.0.95)
Acer Arcade Deluxe (Version: 4.5.7828)
Acer Arcade Movie (Version: 9.0.6629)
Acer eRecovery Management (Version: 4.05.3013)
Acer Game Console
Acer Games (Version: 1.0.1.3)
Acer Registration (Version: 1.03.3003)
Acer ScreenSaver (Version: 1.1.0825.2010)
Acer Updater (Version: 1.02.3001)
Ad-Aware Antivirus (Version: 10.4.43.4155)
Ad-Aware Security Add-on (Version: 2.2.0.17)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
Advanced SystemCare Ultimate 6 (Version: 6.0.0)
Advertising Center (Version: 0.0.0.2)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
Ancestral Author 2.9
Ares 2.1.7 (Version: 2.1.7-Build#3041)
Audacity 1.3.14 (Unicode)
avast! Internet Security (Version: 7.0.1474.0)
AVG Security Toolbar (Version: 13.2.0.5)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
CFM 2007 (Version: 2.0.1.84)
Chuzzle Deluxe (Version: 2.2.0.95)
Constant Guard Protection Suite (Version: 1.12.1012.1)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's Carnival Adventure (Version: 2.2.0.95)
DriverMax 6 (Version: 6.38.0.356)
eBay Worldwide (Version: 2.1.0901)
EndItAll 2.0 (Version: 2.0)
eSobi v2 (Version: 2.0.4.000274)
Extra Video to Audio MP3 Converter Free 6.76
Facebook Messenger 2.1.4651.0 (Version: 2.1.4651.0)
FATE (Version: 2.2.0.95)
FFmpeg v0.6.2 for Audacity
Fraps
GuardedID (Version: 0.03.1038)
Hotkey Utility (Version: 2.05.3009)
HP Deskjet 2050 J510 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 2050 J510 series Help (Version: 140.0.61.61)
HP Deskjet 2050 J510 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
Identity Card (Version: 1.00.3003)
ImagXpress (Version: 7.0.74.0)
IObit Malware Fighter (Version: 1.0)
IObit Toolbar v6.5 (Version: 6.5)
Jasc Paint Shop Pro 8 (Version: 8.00.0000)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
JavaFX 2.1.1 (Version: 2.1.1)
Jewel Quest - Heritage (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MediaShow Espresso (Version: 5.5.1713_26701)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MP3 Rocket
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
MyWinLocker (Version: 3.1.212.0)
MyWinLocker Suite (Version: 3.1.212.0)
NASCAR Craftsman Truck Racing
NASCAR Racing 1999 Edition
NASCAR® Racing 2002 Season
NASCAR® Racing 2003 Season
NASCAR® Racing 3 Craftsman Truck Expansion Pack
NASCAR® Racing 4
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.4.37.100)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.16.0.100)
NeroExpress (Version: 9.4.37.100)
neroxml (Version: 1.0.0)
Network Magic (Version: 5.5.9195.0)
Norton Online Backup (Version: 2.1.17869)
Norton Safe Web Lite (Version: 2.0.0.16)
Norton Security Scan (Version: 3.7.2.5)
Norton Security Suite (Version: 6.4.0.9)
NRatings (Version: 3.2.1)
NVIDIA Control Panel 310.33 (Version: 310.33)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
PowerISO (Version: 4.9)
Pure Networks Platform (Version: 11.2.09195.1)
Race Points Manager
Razer Game Booster (Version: 3.5.6.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6622)
RLM Arena 4.2
RollerCoaster Tycoon Deluxe
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Score4 2.4.0.1 (Version: 2.4.0.1)
Shredder (Version: 2.0.8.3)
Sierra Utilities
Skype™ 5.10 (Version: 5.10.116)
Smart Defrag 2 (Version: 2.3)
Spotify (Version: 0.8.4.124.ga3559d86)
swMSM (Version: 12.0.0.1)
System Tray Cleaner 3
TeamSpeak 3 Client (Version: 3.0.9.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Vegas Pro 11.0 (64-bit) (Version: 11.0.521)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Welcome Center (Version: 1.02.3005)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WingMan Software (Version: 4.11)
WinRAR 4.10 beta 5 (64-bit) (Version: 4.10.5)
WModem Driver Installer (Version: 2.0.6.9)
XFINITY Toolbar (Version: 3.5.2.2)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YTD Toolbar v6.6 (Version: 6.6)
YTD Video Downloader 3.9.5
ZapShares 3.9 (Version: 3.9)
Zuma's Revenge (Version: 2.2.0.95)

========================= Devices: ================================

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Restore Points ==================================

12-12-2012 04:26:03 DMX_DriverMax Driver Installation
13-12-2012 07:48:38 Restore Operation
13-12-2012 08:51:15 Configured NVIDIA ForceWare Network Access Manager
14-12-2012 04:06:03 Installed Cisco Network Magic
17-12-2012 05:21:33 Installed WModem_Installer

**** End of log ****
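The Google Update events in the log above repeat the same few HRESULT values. As an added example (not part of the original post and not MiniToolBox code), the Python below groups those events by failure cause, decoding 0x8007xxxx values as Win32 error codes wrapped in an HRESULT. The sample text is constructed by abridging two entries from the log, and the function names are illustrative.

```python
import re
from collections import Counter

# HRESULTs that are not Win32-wrapped; name is the documented Windows constant.
KNOWN_HRESULT = {0x80004005: "E_FAIL (unspecified failure)"}
# Win32/WinINet error codes carried in the low 16 bits of 0x8007xxxx HRESULTs.
WIN32_CODES = {
    12007: "ERROR_INTERNET_NAME_NOT_RESOLVED (DNS lookup failed)",
    12029: "ERROR_INTERNET_CANNOT_CONNECT (connection attempt failed)",
}
FACILITY_WIN32 = 7

# The log writes the header both with and without a space before "(User:".
HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\)\s*\(Source: (?P<src>[^)]+)\)\s*\(User: (?P<user>[^)]*)\)")
TOP = re.compile(r"^Error: (0x[0-9a-fA-F]{8})\.")
SEND = re.compile(r"^Send request returned (0x[0-9a-fA-F]*)")

# Constructed sample: abridged from the entries quoted in the log, including
# an orphaned leading line and a value cut off at "0x80" as in the original.
SAMPLE_LOG = """\
Send request returned 0x80072ee7. Http status code 0.

Error: (12/18/2012 11:54:31 AM) (Source: Google Update) (User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/18/2012 05:54:06 AM) (Source: Google Update)(User: JASBY-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
"""


def decode_hresult(value):
    """Turn a 32-bit HRESULT into a readable cause."""
    if value in KNOWN_HRESULT:
        return KNOWN_HRESULT[value]
    facility = (value >> 16) & 0x7FF   # bits 16-26
    code = value & 0xFFFF              # bits 0-15
    if value & 0x80000000 and facility == FACILITY_WIN32:
        return WIN32_CODES.get(code, f"Win32 error {code}")
    return f"facility {facility}, code {code}"


def summarize(text):
    """Return one dict per event: time, source, url, decoded error, attempts."""
    entries, cur, transport = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"time": m["ts"], "source": m["src"], "url": None,
                   "error": None, "attempts": Counter(), "truncated": 0}
            entries.append(cur)
            transport = None
            continue
        if cur is None:
            continue  # tail of an event whose header is missing
        m = TOP.match(line)
        if m:
            cur["error"] = decode_hresult(int(m.group(1), 16))
        elif line.startswith("Url="):
            cur["url"] = line[len("Url="):]
        elif line.startswith("trying "):
            transport = line[len("trying "):].rstrip(".")
        else:
            m = SEND.match(line)
            if m and len(m.group(1)) == 10:   # "0x" plus 8 hex digits
                cause = decode_hresult(int(m.group(1), 16))
                cur["attempts"][(transport, cause)] += 1
            elif m:
                cur["truncated"] += 1         # value cut off by the logger
    return entries


def timeline(entries):
    """(time, cause) pairs, to see when the failure mode changed."""
    return [(e["time"], e["error"]) for e in entries]


if __name__ == "__main__":
    for when, cause in timeline(summarize(SAMPLE_LOG)):
        print(when, "->", cause)
```

Run over the full log, the timeline separates the hours when name resolution failed (0x80072ee7) from those when the name resolved but the connection could not be made (0x80072efd).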

#4 Farbar


Posted 19 December 2012 - 06:06 AM

You have too many security programs and antiviruses on the system. We will remove all of them to rule out their interference. After getting access to the internet, I recommend you install only one Internet Security of your choice (Avast or Norton).

  • So please uninstall the following software:

    Ad-Aware Antivirus
    Ad-Aware Security Add-on
    Advanced SystemCare Ultimate 6
    avast! Internet Security
    AVG Security Toolbar
    IObit Malware Fighter
    IObit Toolbar v6.5
    Norton Safe Web Lite
    Norton Security Scan
    Norton Security Suite

  • Please download Avast Uninstall Utility and follow the instructions given there to remove Avast.
  • To remove the Norton leftovers please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions.
  • You still have some leftovers from an incompletely uninstalled McAfee AntiVirus on your computer.
    To remove McAfee AntiVirus I recommend you use the McAfee Consumer Product Removal tool (MCPR.exe).

    For the download and instructions for using the McAfee Consumer Product Removal tool, click on majorgeeks.com
  • Restart the computer.
  • After restart please see if you see any change. Also run MiniToolBox, check only "List IP Configuration" and post the log it makes.

Edited by Farbar, 19 December 2012 - 06:33 AM.


#5 Ernde38


Posted 20 December 2012 - 01:35 AM

After I uninstalled all of the security and web browsing software, and restarted, I tried to connect once again. Still got the Windows cannot connect error when I tried connecting to my network. So I re-installed the adapter again, and BINGO, I now have internet access again! THANK YOU SO MUCH!!! This has been a real pain in the butt not having internet access! I'm going to stick with Norton because we get the whole package free from Comcast/Xfinity. What exactly did the Trojan do to knock me offline, and how do I go about preventing it in the future? Thanks again!!! Here's the IP log you wanted:

MiniToolBox by Farbar Version: 25-11-2012
Ran by JASBY (administrator) on 20-12-2012 at 01:29:35
Running from "E:\"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connecting)
Linksys AE2500 = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JASBY-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : C0-C1-C0-60-D6-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : Linksys AE2500
Physical Address. . . . . . . . . : C0-C1-C0-60-D6-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::14c8:e58b:485b:9134%63(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, December 20, 2012 1:26:02 AM
Lease Expires . . . . . . . . . . : Friday, December 21, 2012 1:26:10 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 1254146496
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-79-77-1F-F8-0F-41-0D-41-F6
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : F8-0F-41-0D-41-F6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::944c:2a4e:642f:10ee%38(Deprecated)
Autoconfiguration IPv4 Address. . : 169.254.16.238(Tentative)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.pa.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 2607:f8b0:4006:801::1009
74.125.226.238
74.125.226.228
74.125.226.227
74.125.226.224
74.125.226.230
74.125.226.226
74.125.226.225
74.125.226.231
74.125.226.229
74.125.226.233
74.125.226.232


Pinging google.com [173.194.43.1] with 32 bytes of data:
Reply from 173.194.43.1: bytes=32 time=20ms TTL=55
Reply from 173.194.43.1: bytes=32 time=19ms TTL=55

Ping statistics for 173.194.43.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 20ms, Average = 19ms
Server: cdns02.comcast.net
Address: 75.75.76.76

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=93ms TTL=49
Reply from 72.30.38.140: bytes=32 time=106ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 93ms, Maximum = 106ms, Average = 99ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
66...c0 c1 c0 60 d6 04 ......Microsoft Virtual WiFi Miniport Adapter
63...c0 c1 c0 60 d6 04 ......Linksys AE2500
38...f8 0f 41 0d 41 f6 ......NVIDIA nForce 10/100/1000 Mbps Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
63 281 fe80::/64 On-link
63 281 fe80::14c8:e58b:485b:9134/128
On-link
1 306 ff00::/8 On-link
63 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

**** End of log ****

#6 Farbar


Posted 20 December 2012 - 01:57 AM

Great. :)

Let's make sure there is no malware left at this point.

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#7 Ernde38


Posted 20 December 2012 - 04:02 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-12-2012
Ran by SYSTEM at 20-12-2012 03:42:31
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12480616 2012-04-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat [x]
HKLM-x32\...\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1123720 2012-11-28] (Spigot, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\JASBY\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe" /AutoStart [x]
HKU\JASBY\...\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent [11324864 2012-11-14] (Innovative Solutions)
HKU\JASBY\...\Run: [Start WingMan Profiler] [x]
HKU\UpdatusUser.JASBY-PC\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secure Backup and Share Status.lnk
ShortcutTarget: Secure Backup and Share Status.lnk -> C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe (Secure Backup and Share)

==================== Services (Whitelisted) ===================

2 ComcastSecureBackupSharebackup; "C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe" [16104 2011-12-15] (Secure Backup and Share)
2 IDVaultSvc; "C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe" [66160 2012-11-29] (White Sky, Inc.)
3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\20.1.0.24\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\20.1.0.24\diMaster.dll" /prefetch:1 [531864 2012-08-21] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe" [244904 2010-05-12] ()

==================== Drivers (Whitelisted) =====================

1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [45880 2012-12-19] (Zemana Ltd.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20120815.002\BHDrvx64.sys [1385120 2012-08-10] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1401000.018\ccSetx64.sys [168096 2012-08-06] (Symantec Corporation)
1 ComcastSecureBackupShareFilter; C:\Windows\System32\DRIVERS\ComcastSecureBackupShare.sys [66552 2011-12-15] (Mozy, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-18] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-19] (Symantec Corporation)
3 gfiark; C:\Windows\System32\Drivers\gfiark.sys [35456 2012-10-24] (GFI Software)
0 gfibto; C:\Windows\System32\Drivers\gfibto.sys [14456 2012-11-27] (GFI Software)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20120811.001\IDSVia64.sys [512672 2012-08-10] (Symantec Corporation)
3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25336 2012-11-08] (Zemana Ltd.)
3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
0 LPCFilter; C:\Windows\System32\Drivers\LPCFilter.sys [30312 2012-03-06] (Windows ® Win 7 DDK provider)
0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121219.033\ENG64.SYS [126112 2012-12-19] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121219.033\EX64.SYS [2084000 2012-12-19] (Symantec Corporation)
3 NPF; C:\Windows\System32\Drivers\NPF.sys [40464 2007-11-06] (CACE Technologies)
3 papycpu; C:\Windows\SysWow64\Drivers\papycpu.sys [1984 1998-10-06] ()
0x01000000 papycpu2; C:\Windows\SysWow64\Drivers\papycpu2.sys [1984 2002-01-20] ()
0x01000000 papyjoy; C:\Windows\SysWow64\Drivers\papyjoy.sys [1856 2002-01-20] ()
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 SRTSP; C:\Windows\system32\drivers\N360x64\1401000.018\SRTSP64.SYS [776352 2012-08-10] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\1401000.018\SRTSPX64.SYS [37496 2012-05-24] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\1401000.018\SYMDS64.SYS [493216 2012-07-27] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\1401000.018\SYMEFA64.SYS [1132192 2012-08-07] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-12-19] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\1401000.018\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
1 SymNetS; C:\Windows\system32\drivers\N360x64\1401000.018\SYMNETS.SYS [432800 2012-07-22] (Symantec Corporation)
3 whfltr2k; C:\Windows\System32\Drivers\whfltr2k.sys [10368 2009-09-16] ()
2 0080951346212306mcinstcleanup; [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-19 23:38 - 2012-12-19 23:38 - 00000000 ____D C:\FRST
2012-12-19 23:10 - 2012-12-19 23:10 - 00002538 ____A C:\Users\JASBY\Desktop\Norton Security Suite.lnk
2012-12-19 23:03 - 2012-12-19 23:03 - 00000000 ____D C:\Program Files\SecureBackupShare
2012-12-19 23:03 - 2011-12-15 17:44 - 00066552 ____A (Mozy, Inc.) C:\Windows\System32\Drivers\ComcastSecureBackupShare.sys
2012-12-19 22:52 - 2012-12-19 22:52 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-12-19 22:52 - 2012-12-19 22:52 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-12-19 22:52 - 2012-12-19 22:52 - 00000000 ____D C:\Program Files\Symantec
2012-12-19 22:52 - 2012-12-19 22:52 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-12-19 22:51 - 2012-12-19 22:51 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-12-19 22:51 - 2012-12-19 22:51 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2012-12-19 22:44 - 2012-12-19 22:44 - 00045880 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\AntiLog64.sys
2012-12-19 22:44 - 2012-12-19 22:44 - 00002269 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2012-12-19 22:44 - 2012-12-19 22:44 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2012-12-19 22:44 - 2012-12-19 22:44 - 00000000 ____D C:\Users\JASBY\AppData\Local\Zemana
2012-12-19 22:44 - 2012-12-19 22:44 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2012-12-19 22:44 - 2012-11-08 00:14 - 06137080 ____A (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
2012-12-19 22:44 - 2012-11-08 00:14 - 00025336 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\KeyCrypt64.sys
2012-12-19 22:40 - 2012-05-31 08:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-12-16 21:26 - 2012-12-16 21:26 - 00000000 ____D C:\Program Files\HTC
2012-12-16 21:25 - 2012-12-16 21:25 - 00009340 ____A C:\Windows\DPINST.LOG
2012-12-16 21:22 - 2012-12-16 21:22 - 00000000 ____D C:\Program Files (x86)\HTC
2012-12-16 21:21 - 2012-12-16 21:21 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\InstallShield
2012-12-15 01:46 - 2012-12-15 01:46 - 00000000 ____D C:\Users\JASBY\AppData\Local\Google
2012-12-15 01:36 - 2012-12-15 01:36 - 00000000 ____D C:\Program Files (x86)\WinMend
2012-12-13 20:07 - 2012-12-13 20:07 - 00000000 ____D C:\Program Files (x86)\Pure Networks
2012-12-13 20:04 - 2009-07-07 11:48 - 00035376 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\purendis.sys
2012-12-13 20:04 - 2009-07-07 11:48 - 00033328 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\pnarp.sys
2012-12-12 10:29 - 2012-12-12 10:29 - 00002056 ____A C:\{EF596E34-85B3-49C9-9236-3CC30868D595}
2012-12-12 10:22 - 2012-12-12 10:22 - 00002280 ____A C:\{E2352723-FD65-41CF-888A-929AFA377DD2}
2012-12-11 20:12 - 2012-12-11 20:12 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-12-09 22:18 - 2012-12-09 22:18 - 00002148 ____A C:\Users\Public\Desktop\Razer Game Booster.lnk
2012-12-09 22:17 - 2012-12-09 22:17 - 00000000 ____D C:\Users\All Users\Razer
2012-12-09 22:17 - 2012-12-09 22:17 - 00000000 ____D C:\Program Files (x86)\Razer
2012-12-08 09:43 - 2012-12-08 09:43 - 00006204 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-12-05 22:43 - 2012-12-05 22:43 - 00000000 ____D C:\Users\JASBY\AppData\Local\{4777FF03-DFC8-4A50-B397-5BB428C61D60}
2012-12-05 01:44 - 2012-12-05 01:44 - 00000000 ____D C:\Users\All Users\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2012-12-04 10:43 - 2012-12-04 10:43 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2012-12-02 09:00 - 2012-10-24 06:32 - 00035456 ____A (GFI Software) C:\Windows\System32\Drivers\gfiark.sys
2012-11-29 21:46 - 2012-11-29 21:46 - 00001738 ____A C:\Windows\SysWOW64\EmailAVConfig.xml
2012-11-28 20:16 - 2012-12-19 22:46 - 00866164 ____A C:\Windows\PFRO.log
2012-11-28 19:38 - 2012-12-20 00:35 - 00009560 ____A C:\Windows\setupact.log
2012-11-28 19:38 - 2012-11-28 19:38 - 00000000 ____A C:\Windows\setuperr.log
2012-11-28 11:28 - 2012-11-28 11:28 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-28 11:28 - 2012-11-28 11:28 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-28 11:28 - 2012-11-28 11:28 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-28 11:28 - 2012-11-28 11:28 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-28 11:26 - 2012-11-28 11:26 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-28 11:26 - 2012-11-28 11:26 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-28 11:26 - 2012-11-28 11:26 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-28 11:26 - 2012-11-28 11:26 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-28 11:15 - 2012-11-28 11:15 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-28 11:15 - 2012-11-28 11:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-28 11:15 - 2012-11-28 11:15 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-28 11:15 - 2012-11-28 11:15 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-28 11:15 - 2012-11-28 11:15 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-28 11:15 - 2012-11-28 11:15 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-28 11:15 - 2012-11-28 11:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-28 11:13 - 2012-11-28 11:13 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-28 11:05 - 2012-11-28 11:05 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-28 11:05 - 2012-11-28 11:05 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-28 11:05 - 2012-11-28 11:05 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-28 11:05 - 2012-11-28 11:05 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-28 11:03 - 2012-11-28 11:03 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-28 11:03 - 2012-11-28 11:03 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-27 20:18 - 2012-12-19 21:41 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\LavasoftStatistics
2012-11-27 20:14 - 2012-11-27 20:13 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2012-11-27 20:13 - 2012-12-19 21:43 - 00000000 ____D C:\Users\All Users\Search Protection
2012-11-27 19:19 - 2010-06-02 01:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-11-27 19:19 - 2010-06-02 01:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-11-27 19:19 - 2010-06-02 01:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2012-11-27 19:19 - 2010-06-02 01:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-11-27 19:19 - 2010-06-02 01:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-11-27 19:19 - 2010-06-02 01:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-11-27 19:19 - 2010-05-26 08:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-11-27 19:19 - 2010-05-26 08:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-11-27 19:19 - 2010-05-26 08:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-11-27 19:19 - 2010-05-26 08:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2012-11-27 19:19 - 2010-05-26 08:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-11-27 19:19 - 2010-05-26 08:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-11-27 19:19 - 2010-05-26 08:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-11-27 19:19 - 2010-05-26 08:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-11-27 19:19 - 2010-05-26 08:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-11-27 19:19 - 2010-05-26 08:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-11-27 19:19 - 2010-02-04 07:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-11-27 19:19 - 2010-02-04 07:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-11-27 19:19 - 2010-02-04 07:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-11-27 19:19 - 2010-02-04 07:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-11-27 19:19 - 2010-02-04 07:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-11-27 19:19 - 2010-02-04 07:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-11-27 19:19 - 2010-02-04 07:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-11-27 19:19 - 2010-02-04 07:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-11-27 19:19 - 2009-09-04 14:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-11-27 19:19 - 2009-09-04 14:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-11-27 19:19 - 2009-09-04 14:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-11-27 19:19 - 2009-09-04 14:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-11-27 19:19 - 2009-09-04 14:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-11-27 19:19 - 2009-09-04 14:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-11-27 19:19 - 2009-09-04 14:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-11-27 19:19 - 2009-09-04 14:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-11-27 19:19 - 2009-09-04 14:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-11-27 19:19 - 2009-09-04 14:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-11-27 19:19 - 2009-09-04 14:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-11-27 19:19 - 2009-09-04 14:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-11-27 19:19 - 2009-03-16 11:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-11-27 19:19 - 2009-03-16 11:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2012-11-27 19:19 - 2009-03-16 11:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-11-27 19:19 - 2009-03-16 11:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-11-27 19:19 - 2009-03-16 11:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-11-27 19:19 - 2009-03-16 11:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-11-27 19:19 - 2009-03-09 12:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-11-27 19:19 - 2009-03-09 12:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-11-27 19:19 - 2009-03-09 12:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-11-27 19:19 - 2009-03-09 12:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-11-27 19:19 - 2008-10-27 07:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-11-27 19:19 - 2008-10-27 07:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-11-27 19:19 - 2008-10-27 07:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-11-27 19:19 - 2008-10-27 07:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-11-27 19:19 - 2008-10-27 07:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-11-27 19:19 - 2008-10-27 07:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-11-27 19:19 - 2008-10-27 07:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-11-27 19:19 - 2008-10-27 07:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-11-27 19:19 - 2008-10-10 01:52 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-11-27 19:19 - 2008-10-10 01:52 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-11-27 19:19 - 2008-10-10 01:52 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-11-27 19:19 - 2008-10-10 01:52 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-11-27 19:19 - 2008-10-10 01:52 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-11-27 19:19 - 2008-10-10 01:52 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-11-27 19:19 - 2008-07-31 07:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-11-27 19:19 - 2008-07-31 07:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-11-27 19:19 - 2008-07-31 07:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-11-27 19:19 - 2008-07-31 07:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-11-27 19:19 - 2008-07-31 07:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-11-27 19:19 - 2008-07-31 07:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-11-27 19:18 - 2008-07-10 08:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-11-27 19:18 - 2008-07-10 08:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-11-27 19:18 - 2008-07-10 08:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-11-27 19:18 - 2008-07-10 08:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-11-27 19:18 - 2008-07-10 08:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-11-27 19:18 - 2008-07-10 08:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-11-27 19:18 - 2008-05-30 11:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-11-27 19:18 - 2008-05-30 11:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2012-11-27 19:18 - 2008-05-30 11:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-11-27 19:18 - 2008-05-30 11:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-11-27 19:18 - 2008-05-30 11:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-11-27 19:18 - 2008-05-30 11:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-11-27 19:18 - 2008-05-30 11:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-11-27 19:18 - 2008-05-30 11:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-11-27 19:18 - 2008-05-30 11:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-11-27 19:18 - 2008-05-30 11:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-11-27 19:18 - 2008-05-30 11:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-11-27 19:18 - 2008-05-30 11:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-11-27 19:18 - 2008-05-30 11:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-11-27 19:18 - 2008-05-30 11:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-11-27 19:18 - 2008-03-05 13:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-11-27 19:18 - 2008-03-05 13:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-11-27 19:18 - 2008-03-05 13:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-11-27 19:18 - 2008-03-05 13:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-11-27 19:18 - 2008-03-05 13:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-11-27 19:18 - 2008-03-05 13:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-11-27 19:18 - 2008-03-05 12:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-11-27 19:18 - 2008-03-05 12:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-11-27 19:18 - 2008-03-05 12:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-11-27 19:18 - 2008-03-05 12:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-11-27 19:18 - 2008-02-05 20:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-11-27 19:18 - 2008-02-05 20:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-11-27 19:18 - 2007-10-22 00:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2012-11-27 19:18 - 2007-10-22 00:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2012-11-27 19:18 - 2007-10-22 00:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2012-11-27 19:18 - 2007-10-22 00:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-11-27 19:18 - 2007-10-12 12:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2012-11-27 19:18 - 2007-10-12 12:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2012-11-27 19:18 - 2007-10-12 12:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2012-11-27 19:18 - 2007-10-12 12:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-11-27 19:18 - 2007-10-02 06:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2012-11-27 19:18 - 2007-10-02 06:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2012-11-27 19:18 - 2007-07-19 21:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2012-11-27 19:18 - 2007-07-19 21:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2012-11-27 19:18 - 2007-07-19 15:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2012-11-27 19:18 - 2007-07-19 15:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2012-11-27 19:18 - 2007-07-19 15:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2012-11-27 19:18 - 2007-07-19 15:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-11-27 19:18 - 2007-07-19 15:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2012-11-27 19:18 - 2007-07-19 15:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2012-11-27 19:18 - 2007-06-20 17:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2012-11-27 19:18 - 2007-06-20 17:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2012-11-27 19:18 - 2007-05-16 13:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2012-11-27 19:18 - 2007-05-16 13:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-11-27 19:18 - 2007-05-16 13:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2012-11-27 19:18 - 2007-05-16 13:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-11-27 19:18 - 2007-05-16 13:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2012-11-27 19:18 - 2007-05-16 13:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2012-11-27 19:18 - 2007-04-04 15:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2012-11-27 19:18 - 2007-04-04 15:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2012-11-27 19:18 - 2007-04-04 15:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2012-11-27 19:18 - 2007-04-04 15:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2012-11-27 19:18 - 2007-03-15 13:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2012-11-27 19:18 - 2007-03-15 13:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2012-11-27 19:18 - 2007-03-12 13:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2012-11-27 19:18 - 2007-03-12 13:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-11-27 19:18 - 2007-03-12 13:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2012-11-27 19:18 - 2007-03-12 13:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-11-27 19:18 - 2007-01-24 12:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2012-11-27 19:18 - 2007-01-24 12:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2012-11-27 19:17 - 2007-03-05 09:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2012-11-27 19:17 - 2007-03-05 09:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2012-11-27 19:17 - 2006-12-08 09:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2012-11-27 19:17 - 2006-12-08 09:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2012-11-27 19:17 - 2006-11-29 10:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2012-11-27 19:17 - 2006-11-29 10:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2012-11-27 19:17 - 2006-09-28 13:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2012-11-27 19:17 - 2006-09-28 13:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-11-27 19:17 - 2006-09-28 13:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2012-11-27 19:17 - 2006-09-28 13:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2012-11-27 19:17 - 2006-07-28 06:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2012-11-27 19:17 - 2006-07-28 06:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2012-11-27 19:17 - 2006-07-28 06:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2012-11-27 19:17 - 2006-07-28 06:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2012-11-27 19:17 - 2006-05-31 04:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2012-11-27 19:17 - 2006-05-31 04:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2012-11-27 19:17 - 2006-03-31 09:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2012-11-27 19:17 - 2006-03-31 09:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2012-11-27 19:17 - 2006-03-31 09:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2012-11-27 19:17 - 2006-03-31 09:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2012-11-27 19:17 - 2006-03-31 09:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2012-11-27 19:17 - 2006-03-31 09:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2012-11-27 19:17 - 2006-02-03 05:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2012-11-27 19:17 - 2006-02-03 05:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2012-11-27 19:17 - 2006-02-03 05:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2012-11-27 19:17 - 2006-02-03 05:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2012-11-27 19:17 - 2006-02-03 05:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2012-11-27 19:17 - 2006-02-03 05:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2012-11-27 19:17 - 2005-12-05 15:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2012-11-27 19:17 - 2005-12-05 15:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2012-11-27 19:17 - 2005-07-22 16:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2012-11-27 19:17 - 2005-07-22 16:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2012-11-27 19:17 - 2005-05-26 12:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2012-11-27 19:17 - 2005-05-26 12:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2012-11-27 19:17 - 2005-03-18 14:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2012-11-27 19:17 - 2005-03-18 14:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-11-27 19:17 - 2005-02-05 16:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2012-11-27 19:17 - 2005-02-05 16:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2012-11-27 19:12 - 2012-11-27 19:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-27 19:12 - 2012-11-27 19:15 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-11-27 19:11 - 2012-11-27 19:12 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\ts3overlay_hook_win64
2012-11-25 05:15 - 2012-11-25 05:18 - 00000000 ____D C:\Users\JASBY\Desktop\U Can't Touch This Super Freak Under Ice Baby
2012-11-25 01:08 - 2012-11-25 01:08 - 00001297 ____A C:\Users\Public\Desktop\YTD Video Downloader.lnk
2012-11-25 01:08 - 2012-11-25 01:08 - 00000000 ____D C:\Users\All Users\YTD Video Downloader
2012-11-25 01:08 - 2012-11-25 01:08 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2012-11-25 00:55 - 2012-11-25 00:55 - 00001998 ____A C:\Users\Public\Desktop\MP3 Rocket 6.2.5.lnk
2012-11-24 22:00 - 2012-11-24 22:00 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2012-11-24 21:09 - 2012-09-19 20:35 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-11-24 21:09 - 2012-09-19 20:35 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-11-24 20:44 - 2012-11-24 20:58 - 00000000 ____D C:\Users\JASBY\Documents\SelfMV
2012-11-24 20:44 - 2012-11-24 20:44 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2012-11-24 20:43 - 2012-11-24 20:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-11-24 20:30 - 2012-11-24 20:30 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2012-11-24 20:17 - 2012-11-24 22:22 - 00000000 ____D C:\Users\JASBY\AppData\Local\Samsung
2012-11-24 20:17 - 2012-11-24 20:17 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\Samsung
2012-11-24 20:10 - 2011-12-23 17:58 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-11-24 20:09 - 2012-11-24 20:09 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-11-24 20:08 - 2012-11-24 20:12 - 00000000 ____D C:\Program Files (x86)\Samsung
2012-11-24 20:08 - 2012-11-24 20:11 - 00000000 ____D C:\Users\All Users\Samsung

==================== One Month Modified Files and Folders =======

2012-12-20 00:37 - 2012-06-24 18:36 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\ID Vault
2012-12-20 00:37 - 2012-01-08 08:11 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2012-12-20 00:35 - 2012-11-28 19:38 - 00009560 ____A C:\Windows\setupact.log
2012-12-20 00:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 00:29 - 2011-12-15 17:44 - 00001686 ____A C:\Windows\ComcastSecureBackupShare.blk
2012-12-20 00:29 - 2011-12-15 17:44 - 00001484 ____A C:\Windows\ComcastSecureBackupShare.flt
2012-12-20 00:29 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-20 00:29 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-20 00:04 - 2011-12-13 13:10 - 01688070 ____A C:\Windows\WindowsUpdate.log
2012-12-20 00:02 - 2012-07-16 22:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-19 23:55 - 2009-07-13 21:13 - 00006222 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-19 23:54 - 2012-07-29 22:49 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2029448106-3103183201-1086826423-1000UA.job
2012-12-19 23:54 - 2012-07-29 22:49 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2029448106-3103183201-1086826423-1000Core.job
2012-12-19 23:38 - 2012-12-19 23:38 - 00000000 ____D C:\FRST
2012-12-19 23:10 - 2012-12-19 23:10 - 00002538 ____A C:\Users\JASBY\Desktop\Norton Security Suite.lnk
2012-12-19 23:03 - 2012-12-19 23:03 - 00000000 ____D C:\Program Files\SecureBackupShare
2012-12-19 22:54 - 2012-06-12 19:00 - 00000000 ____D C:\Users\All Users\Norton
2012-12-19 22:52 - 2012-12-19 22:52 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-12-19 22:52 - 2012-12-19 22:52 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-12-19 22:52 - 2012-12-19 22:52 - 00000000 ____D C:\Program Files\Symantec
2012-12-19 22:52 - 2012-12-19 22:52 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-12-19 22:51 - 2012-12-19 22:51 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-12-19 22:51 - 2012-12-19 22:51 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2012-12-19 22:48 - 2012-08-28 19:28 - 00001366 ____A C:\Users\JASBY\Desktop\Norton Installation Files.lnk
2012-12-19 22:48 - 2012-08-28 19:28 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-12-19 22:46 - 2012-11-28 20:16 - 00866164 ____A C:\Windows\PFRO.log
2012-12-19 22:44 - 2012-12-19 22:44 - 00045880 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\AntiLog64.sys
2012-12-19 22:44 - 2012-12-19 22:44 - 00002269 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2012-12-19 22:44 - 2012-12-19 22:44 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2012-12-19 22:44 - 2012-12-19 22:44 - 00000000 ____D C:\Users\JASBY\AppData\Local\Zemana
2012-12-19 22:44 - 2012-12-19 22:44 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2012-12-19 22:44 - 2012-06-24 18:35 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2012-12-19 22:44 - 2012-01-09 15:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-19 22:14 - 2012-01-09 13:45 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-12-19 22:07 - 2012-01-09 13:44 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-12-19 21:58 - 2010-08-26 18:25 - 00000000 ____D C:\Users\All Users\Symantec
2012-12-19 21:43 - 2012-11-27 20:13 - 00000000 ____D C:\Users\All Users\Search Protection
2012-12-19 21:41 - 2012-11-27 20:18 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\LavasoftStatistics
2012-12-18 12:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-16 21:26 - 2012-12-16 21:26 - 00000000 ____D C:\Program Files\HTC
2012-12-16 21:25 - 2012-12-16 21:25 - 00009340 ____A C:\Windows\DPINST.LOG
2012-12-16 21:22 - 2012-12-16 21:22 - 00000000 ____D C:\Program Files (x86)\HTC
2012-12-16 21:22 - 2010-08-26 17:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-12-16 21:21 - 2012-12-16 21:21 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\InstallShield
2012-12-16 02:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-12-16 02:46 - 2011-12-13 13:12 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-12-16 02:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-12-16 01:47 - 2009-07-13 20:45 - 00012288 _____ C:\Windows\System32\umstartup.etl
2012-12-16 00:30 - 2011-12-13 13:19 - 00110088 ____A C:\Users\JASBY\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-15 23:52 - 2012-01-09 13:15 - 00000000 ____D C:\users\UpdatusUser.JASBY-PC
2012-12-15 23:49 - 2011-12-13 13:19 - 00000000 ____D C:\users\JASBY
2012-12-15 01:47 - 2012-03-19 22:52 - 00000000 ____D C:\Program Files (x86)\Google
2012-12-15 01:46 - 2012-12-15 01:46 - 00000000 ____D C:\Users\JASBY\AppData\Local\Google
2012-12-15 01:38 - 2009-07-13 18:34 - 72089600 ____A C:\Windows\System32\config\software.bak
2012-12-15 01:38 - 2009-07-13 18:34 - 20971520 ____A C:\Windows\System32\config\system.bak
2012-12-15 01:38 - 2009-07-13 18:34 - 00401408 ____A C:\Windows\System32\config\default.bak
2012-12-15 01:36 - 2012-12-15 01:36 - 00000000 ____D C:\Program Files (x86)\WinMend
2012-12-13 20:07 - 2012-12-13 20:07 - 00000000 ____D C:\Program Files (x86)\Pure Networks
2012-12-13 20:04 - 2012-01-08 07:53 - 00000000 ____D C:\Users\All Users\Pure Networks
2012-12-13 00:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2012-12-12 23:53 - 2011-04-08 18:52 - 00000000 ____D C:\Users\JASBY\Documents\18 WoS American Long Haul
2012-12-12 23:53 - 2011-04-08 18:04 - 00000000 ____D C:\Users\JASBY\Documents\Drive Green
2012-12-12 23:53 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-12-12 22:32 - 2012-09-01 14:13 - 00000000 ____D C:\Users\JASBY\AppData\Local\CrashDumps
2012-12-12 10:29 - 2012-12-12 10:29 - 00002056 ____A C:\{EF596E34-85B3-49C9-9236-3CC30868D595}
2012-12-12 10:22 - 2012-12-12 10:22 - 00002280 ____A C:\{E2352723-FD65-41CF-888A-929AFA377DD2}
2012-12-11 20:23 - 2012-01-09 14:16 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\uTorrent
2012-12-11 20:12 - 2012-12-11 20:12 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-12-11 20:03 - 2012-07-01 02:15 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-11 20:03 - 2012-06-25 19:41 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-09 22:18 - 2012-12-09 22:18 - 00002148 ____A C:\Users\Public\Desktop\Razer Game Booster.lnk
2012-12-09 22:17 - 2012-12-09 22:17 - 00000000 ____D C:\Users\All Users\Razer
2012-12-09 22:17 - 2012-12-09 22:17 - 00000000 ____D C:\Program Files (x86)\Razer
2012-12-08 09:43 - 2012-12-08 09:43 - 00006204 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-12-08 09:34 - 2012-07-02 13:25 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-08 09:34 - 2012-07-02 13:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-06 09:11 - 2012-01-04 18:18 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\Audacity
2012-12-05 22:43 - 2012-12-05 22:43 - 00000000 ____D C:\Users\JASBY\AppData\Local\{4777FF03-DFC8-4A50-B397-5BB428C61D60}
2012-12-05 10:48 - 2012-01-09 14:16 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-12-05 01:44 - 2012-12-05 01:44 - 00000000 ____D C:\Users\All Users\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2012-12-05 01:43 - 2012-01-19 17:59 - 00000000 ____D C:\Program Files (x86)\IObit
2012-12-04 10:43 - 2012-12-04 10:43 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2012-12-04 10:43 - 2012-10-20 09:58 - 00000000 ____D C:\Program Files (x86)\Application Updater
2012-12-03 21:00 - 2012-06-24 18:37 - 00000000 ____D C:\Users\JASBY\AppData\Local\ID Vault
2012-12-03 20:58 - 2012-01-09 14:31 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-02 17:38 - 2012-01-09 15:13 - 00000000 ____D C:\Users\JASBY\Incomplete
2012-12-02 13:57 - 2012-04-27 09:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-01 20:02 - 2011-04-12 09:27 - 00000000 ____D C:\Users\JASBY\Documents\My PSP8 Files
2012-11-29 21:46 - 2012-11-29 21:46 - 00001738 ____A C:\Windows\SysWOW64\EmailAVConfig.xml
2012-11-28 22:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-28 20:17 - 2009-07-13 20:45 - 00418176 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-28 19:38 - 2012-11-28 19:38 - 00000000 ____A C:\Windows\setuperr.log
2012-11-28 11:28 - 2012-11-28 11:28 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-28 11:28 - 2012-11-28 11:28 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-28 11:28 - 2012-11-28 11:28 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-28 11:28 - 2012-11-28 11:28 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-28 11:28 - 2012-11-28 11:28 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-28 11:26 - 2012-11-28 11:26 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-28 11:26 - 2012-11-28 11:26 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-28 11:26 - 2012-11-28 11:26 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-28 11:26 - 2012-11-28 11:26 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-28 11:15 - 2012-11-28 11:15 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-28 11:15 - 2012-11-28 11:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-28 11:15 - 2012-11-28 11:15 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-28 11:15 - 2012-11-28 11:15 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-28 11:15 - 2012-11-28 11:15 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-28 11:15 - 2012-11-28 11:15 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-28 11:15 - 2012-11-28 11:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-28 11:15 - 2012-11-28 11:15 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-28 11:13 - 2012-11-28 11:13 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-28 11:05 - 2012-11-28 11:05 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-28 11:05 - 2012-11-28 11:05 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-28 11:05 - 2012-11-28 11:05 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-28 11:05 - 2012-11-28 11:05 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-28 11:03 - 2012-11-28 11:03 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-28 11:03 - 2012-11-28 11:03 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-28 11:03 - 2012-11-28 11:03 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-28 10:36 - 2012-01-09 14:00 - 00001242 ____A C:\Users\JASBY\Desktop\DriverMax.lnk
2012-11-27 20:36 - 2012-02-19 22:09 - 00000000 ____D C:\Program Files (x86)\Sony
2012-11-27 20:14 - 2012-10-25 15:48 - 00000000 ____D C:\Users\JASBY\AppData\Local\Downloaded Installations
2012-11-27 20:13 - 2012-11-27 20:14 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2012-11-27 19:57 - 2012-04-03 15:36 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\TS3Client
2012-11-27 19:20 - 2012-11-27 19:12 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-27 19:15 - 2012-11-27 19:12 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-11-27 19:12 - 2012-11-27 19:11 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\ts3overlay_hook_win64
2012-11-27 10:22 - 2009-07-13 21:08 - 00032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-25 05:18 - 2012-11-25 05:15 - 00000000 ____D C:\Users\JASBY\Desktop\U Can't Touch This Super Freak Under Ice Baby
2012-11-25 01:50 - 2011-12-13 13:21 - 00000000 ____D C:\Users\JASBY\AppData\Local\VirtualStore
2012-11-25 01:08 - 2012-11-25 01:08 - 00001297 ____A C:\Users\Public\Desktop\YTD Video Downloader.lnk
2012-11-25 01:08 - 2012-11-25 01:08 - 00000000 ____D C:\Users\All Users\YTD Video Downloader
2012-11-25 01:08 - 2012-11-25 01:08 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2012-11-25 00:55 - 2012-11-25 00:55 - 00001998 ____A C:\Users\Public\Desktop\MP3 Rocket 6.2.5.lnk
2012-11-25 00:55 - 2012-06-18 07:50 - 00000000 ____D C:\Program Files (x86)\MP3 Rocket
2012-11-25 00:55 - 2012-01-09 14:13 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\MP3Rocket
2012-11-24 22:22 - 2012-11-24 20:17 - 00000000 ____D C:\Users\JASBY\AppData\Local\Samsung
2012-11-24 22:00 - 2012-11-24 22:00 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2012-11-24 20:58 - 2012-11-24 20:44 - 00000000 ____D C:\Users\JASBY\Documents\SelfMV
2012-11-24 20:55 - 2012-01-20 07:39 - 00005632 ____A C:\Users\JASBY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-24 20:44 - 2012-11-24 20:44 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2012-11-24 20:43 - 2012-11-24 20:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-11-24 20:30 - 2012-11-24 20:30 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2012-11-24 20:17 - 2012-11-24 20:17 - 00000000 ____D C:\Users\JASBY\AppData\Roaming\Samsung
2012-11-24 20:12 - 2012-11-24 20:08 - 00000000 ____D C:\Program Files (x86)\Samsung
2012-11-24 20:11 - 2012-11-24 20:08 - 00000000 ____D C:\Users\All Users\Samsung
2012-11-24 20:09 - 2012-11-24 20:09 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-11-22 20:56 - 2010-08-26 18:25 - 00000000 ____D C:\Users\All Users\Adobe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-11 20:26:50
Restore point made on: 2012-12-12 23:49:16
Restore point made on: 2012-12-13 00:51:52
Restore point made on: 2012-12-13 20:06:39
Restore point made on: 2012-12-16 21:22:44
Restore point made on: 2012-12-19 21:52:40
Restore point made on: 2012-12-19 21:56:49
Restore point made on: 2012-12-19 22:40:10
Restore point made on: 2012-12-19 23:02:59
Restore point made on: 2012-12-19 23:04:22
Restore point made on: 2012-12-19 23:09:41
Restore point made on: 2012-12-20 00:28:43

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3839.23 MB
Available physical RAM: 3111.22 MB
Total Pagefile: 3837.38 MB
Available Pagefile: 3098.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (Acer) (Fixed) (Total:913.84 GB) (Free:832.92 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:17.58 GB) (Free:3.95 GB) NTFS
3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.27 GB) (Free:0 GB) UDF
8 Drive k: (OneTouch4) (Fixed) (Total:465.76 GB) (Free:117.56 GB) NTFS
9 Drive l: () (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 465 GB 1024 KB
Disk 6 Online 489 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 17 GB 1024 KB
Partition 2 Primary 100 MB 17 GB
Partition 3 Primary 913 GB 17 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 17 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 913 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

==================================================================================

Disk: 5
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K OneTouch4 NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 488 MB 16 KB

==================================================================================

Disk: 6
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L FAT Removable 488 MB Healthy

=========================================================

Last Boot: 2012-12-15 04:06

==================== End Of Log =============================

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:18 AM

Posted 20 December 2012 - 05:24 AM

It looks good, there are some orphan entries that we need to remove.

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat [x]
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
    HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
    HKU\JASBY\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe" /AutoStart [x]
    HKU\JASBY\...\Run: [Start WingMan Profiler] [x]
    2 0080951346212306mcinstcleanup; [x]
    1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
    end
    

    Now please enter System Recovery Options and select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Please download AdwCleaner and save it to your desktop.
    • Close all open programs.
    • Double click on AdwCleaner.exe to run it.
    • Click on Delete and confirm the prompt.
    • After it is finished the computer will be restarted. A text file will open after the restart.
    • Please post the content of that log to your reply.
    • A copy of the log will be saved at C:\AdwCleaner[S1].txt.
  • Also tell me how is the system running.


#9 Ernde38


Posted 20 December 2012 - 11:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2012
Ran by SYSTEM at 2012-12-20 23:47:40 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtection Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 Value deleted successfully.
HKEY_USERS\JASBY\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 5 Value deleted successfully.
HKEY_USERS\JASBY\Software\Microsoft\Windows\CurrentVersion\Run\\Start WingMan Profiler Value deleted successfully.
0080951346212306mcinstcleanup service deleted successfully.
SBRE service deleted successfully.

==== End of Fixlog ====

# AdwCleaner v2.101 - Logfile created 12/20/2012 at 23:51:33
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : JASBY - JTS-PC
# Boot Mode : Normal
# Running from : C:\Users\JASBY\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\JASBY\AppData\LocalLow\Search Settings
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\JASBY\AppData\Roaming\Mozilla\Firefox\Profiles\zs6925c1.default\prefs.js

C:\Users\JASBY\AppData\Roaming\Mozilla\Firefox\Profiles\zs6925c1.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default-1339414248216 [Profil par défaut]
File : C:\Users\JASBY\AppData\Roaming\Mozilla\Firefox\Profiles\csuoojd2.default-1339414248216\prefs.js

C:\Users\JASBY\AppData\Roaming\Mozilla\Firefox\Profiles\csuoojd2.default-1339414248216\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4230 octets] - [20/12/2012 23:51:33]

########## EOF - C:\AdwCleaner[S1].txt - [4290 octets] ##########


The system is running great. Occasionally, when I open Firefox, it opens for a brief second, and then it closes, and I have to open it again. Other than that, I'm not seeing any problems.

#10 Farbar


Posted 21 December 2012 - 05:49 AM

In case Firefox gives you trouble at any stage, you can back up the Bookmarks, uninstall it, remove folders, then reinstall it and import the Bookmarks.

It looks good and you are good to go. :thumbup2:

  • Please delete FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.
  • You may delete any tool or log we used from your computer.
  • Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll-back" to a clean working state if needed:
    • Go to Start => Right-click "Computer" and select "Properties".
    • In the left pane select "System Protection".
    • Press "Configure".
    • Select "Delete". Then press "Continue" close and "OK".
    • Select your drive (drive C) and press "Create".
      Fill in a name for the restore point and press "Create".
      After finished press "Close".
Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.
Happy Surfing Ernde38.:)

#11 Ernde38


Posted 22 December 2012 - 09:39 PM


Thanks for all of your help Farbar! Bleeping Computer is not a part of my bookmarks!

#12 Farbar


Posted 23 December 2012 - 04:12 AM

You are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Every one else should start a new topic.



