
Got trojan horse Generic29.AJGE and apparently you guys can fix it


  • This topic is locked
18 replies to this topic

#1 WillyMill


Posted 29 April 2013 - 04:09 PM

Hey, so I got that trojan horse and AVG can't seem to remove it. Could someone help me out?

 

Thanks a lot!





#2 Farbar


    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 30 April 2013 - 10:24 AM

Hi WillyMill,

 

Welcome to the forum.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 



#3 WillyMill

  • Topic Starter

  • Members
  • 14 posts

Posted 30 April 2013 - 10:58 AM

I ended up downloading a bootable anti-virus and scanning before boot and it removed it.

 

From your own experience, do you think this got rid of everything, or may I still have part of the code, altered, still stored somewhere waiting for an opportunity to attack my system or use it in a bot attack or something?

 

Thanks Just Curious.



#4 Farbar


    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 30 April 2013 - 11:16 AM

Unless I see the logs I requested I can't say something sensible. :)

#5 WillyMill

  • Topic Starter

  • Members
  • 14 posts

Posted 30 April 2013 - 01:40 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2013 01
Ran by Will (administrator) on 30-04-2013 14:30:55
Running from C:\Users\Will\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Zune\ZuneLauncher.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
() C:\Users\Will\Local Settings\Apps\F.lux\flux.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Pelmorex Media Inc.) C:\Users\Will\AppData\Local\The Weather Network\weathereye.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSync.exe
() C:\Program Files (x86)\AIO Remote Server 3.3.0\AioServer3.3.0.exe
(Dropbox, Inc.) C:\Users\Will\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\MulWilledia Card Reader(9106)\ShwiconXP9106.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(GreenTree Applications SRL) C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe
(Farbar) C:\Users\Will\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] "C:\Program Files (x86)\Microsoft Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun [892416 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [BoxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe" [393216 2013-02-21] (Box, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$a9f9078a08c74a496d9548af726f9ca9\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [289584 2012-12-30] (BitTorrent, Inc.)
HKCU\...\Run: [Google Update] "C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-12-30] (Google Inc.)
HKCU\...\Run: [F.lux] "C:\Users\Will\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-29] ()
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19357112 2013-03-07] (Google)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [WeatherEye] C:\Users\Will\AppData\Local\The Weather Network\WeatherEye.exe [310920 2012-08-30] (Pelmorex Media Inc.)
MountPoints2: {31ea4c5d-8f91-11e2-af2c-005056c00008} - K:\CMADownloader.exe
MountPoints2: {cac4f18b-7408-11e2-95eb-005056c00008} - N:\Setup.exe
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\MulWilledia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [4254720 2013-04-18] (Research In Motion Limited)
Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AioServer3.3.0.exe.lnk
ShortcutTarget: AioServer3.3.0.exe.lnk -> C:\Program Files (x86)\AIO Remote Server 3.3.0\AioServer3.3.0.exe ()
Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Will\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mIRC.lnk
ShortcutTarget: mIRC.lnk -> C:\Program Files (x86)\mIRC\mirc.exe (mIRC Co. Ltd.)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8777;https=127.0.0.1:8777;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
PDF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
PDF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
PDF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{219DAB50-0E4E-4836-9D41-EBB781496EC8}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Screen Capture Elite - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\screencaptureelite@plugin
FF Extension: WOT - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: azhang - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\azhang@cloudacl.com.xpi
FF Extension: canitbecheaper - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi
FF Extension: firefox - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: helper - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\helper@savefrom.net.xpi
FF Extension: jid1-xUfzOsOFlzSOXg - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF Extension: mediahint - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\mediahint@jetpack.xpi
FF Extension: personas - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\personas@christopher.beard.xpi
FF Extension: SkipScreen - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\SkipScreen@SkipScreen.xpi
FF Extension: status4evar - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\status4evar@caligonstudios.com.xpi
FF Extension: tineye - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: uss-button - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\uss-button@uploadscreenshot.com.xpi
FF Extension: No Name - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\{2a43f346-13de-4aad-adeb-00b61e5bcde3}.xpi
FF Extension: No Name - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\{36b72fda-9a37-456c-8cc8-cddd4a3fe312}.xpi
FF Extension: No Name - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1mh8gykc.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.dell.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Extension: (Google Drive) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0
CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg\1.0.26_0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0
CHR Extension: (PlayBook App Manager) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp\1.9.3_0
CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-02-15] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-02-15] (BlueStack Systems, Inc.)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-08] (Nitro PDF Software)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [388096 2013-04-18] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1235456 2013-04-18] (Research In Motion Limited)
S3 WMZuneComm; C:\Program Files (x86)\Microsoft Zune\WMZuneComm.exe [306400 2011-08-05] (Microsoft Corporation)
S3 ZuneNetworkSvc; C:\Program Files (x86)\Microsoft Zune\ZuneNss.exe [8277728 2011-08-05] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; C:\Program Files (x86)\Microsoft Zune\ZuneWlanCfgSvc.exe [467680 2011-08-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [111040 2007-12-19] (SlySoft, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-02-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [239416 2013-02-14] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-15] (BlueStack Systems)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2007-02-15] (Elaborate Bytes AG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2013-01-23] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 V0690Vid; C:\Windows\System32\DRIVERS\V0690Vid.sys [393760 2011-07-27] (Creative Technology Ltd.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 ALSysIO; \??\C:\Users\Will\AppData\Local\Temp\ALSysIO64.sys [x]
R1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-30 14:30 - 2013-04-30 14:30 - 01711910 ____A (Farbar) C:\Users\Will\Desktop\FRST64.exe
2013-04-29 21:41 - 2004-08-04 00:56 - 00033280 ____A (Microsoft Corporation) C:\rundll32.exe
2013-04-29 17:20 - 2013-04-30 13:39 - 00019344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-29 17:20 - 2013-04-30 13:39 - 00019344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-29 17:20 - 2013-04-29 17:20 - 00000552 ____A C:\Windows\System32\spsys.log
2013-04-29 17:01 - 2013-04-29 17:01 - 00000000 ____D C:\FRST
2013-04-29 16:39 - 2013-04-29 16:39 - 00000000 ____D C:\Users\Will\AppData\Roaming\Malwarebytes
2013-04-29 16:30 - 2013-04-29 16:30 - 00000000 ____D C:\Users\Will\AppData\Roaming\Replay Media Catcher 4
2013-04-28 23:30 - 2013-04-28 23:30 - 00000000 ____D C:\Users\Will\Documents\BLACKBERRY-D152
2013-04-26 13:38 - 2013-04-26 13:38 - 00002533 ____A C:\Users\Will\Desktop\Examen Final.txt
2013-04-24 17:59 - 2013-04-24 17:59 - 00001485 ____A C:\Users\Will\Desktop\More Love and Arabic.m3u
2013-04-24 17:58 - 2013-04-24 17:58 - 00000000 ____D C:\Users\Will\Documents\AnyDVDHD
2013-04-24 17:56 - 2013-04-24 17:59 - 00000048 ___SH C:\Windows\S182DC2D0.tmp
2013-04-24 17:55 - 2013-04-24 17:56 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-04-23 22:06 - 2013-04-23 23:25 - 00000000 ____D C:\Users\Will\AppData\Roaming\Notepad++
2013-04-23 22:06 - 2013-04-23 22:06 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-04-23 22:05 - 2013-04-23 22:05 - 05940700 ____A C:\Users\Will\Downloads\npp.6.3.2.Installer.exe
2013-04-22 23:59 - 2013-04-22 23:57 - 106010153 ____A C:\Users\Will\Desktop\Chabibe - Chromatic.mp4
2013-04-17 23:47 - 2013-04-17 23:47 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-17 23:47 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-17 23:47 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-17 23:47 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-15 21:29 - 2013-04-15 21:29 - 00000000 ____D C:\Users\Will\Documents\BLACKBERRY-FF7F
2013-04-12 18:31 - 2013-04-12 18:31 - 13475464 ____A (Microsoft Corporation) C:\Users\Will\Downloads\mseinstall.exe
2013-04-12 10:47 - 2013-04-13 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-11 10:57 - 2012-12-10 15:48 - 00044544 ____A (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
2013-04-10 23:20 - 2013-04-10 23:22 - 00008315 ____A C:\Windows\IE10_main.log
2013-04-10 23:13 - 2013-04-10 23:13 - 00000000 ____D C:\Windows\pss
2013-04-10 22:49 - 2013-04-10 22:49 - 00002947 ____A C:\Windows\IE9_main.log
2013-04-10 22:23 - 2012-12-16 13:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-04-10 22:23 - 2012-12-16 10:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-04-10 22:23 - 2012-12-16 10:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-04-10 22:23 - 2012-12-16 10:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-04-10 22:23 - 2010-09-30 06:41 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-04-10 22:23 - 2010-09-30 02:47 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-04-10 22:20 - 2013-03-02 02:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-10 22:20 - 2013-03-02 01:56 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 22:20 - 2013-03-02 01:55 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 22:20 - 2013-03-02 01:55 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-10 22:20 - 2013-03-02 01:50 - 09059328 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 22:20 - 2013-03-02 01:50 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 22:20 - 2013-03-02 01:50 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-10 22:20 - 2013-03-02 01:49 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 22:20 - 2013-03-02 01:49 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 22:20 - 2013-03-02 01:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 22:20 - 2013-03-02 01:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 22:20 - 2013-03-02 00:58 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 22:20 - 2013-03-02 00:58 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 22:20 - 2013-03-02 00:58 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-10 22:20 - 2013-03-02 00:54 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 22:20 - 2013-03-02 00:54 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 22:20 - 2013-03-02 00:54 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-10 22:20 - 2013-03-02 00:53 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 22:20 - 2013-03-02 00:52 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 22:20 - 2013-03-02 00:52 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 22:20 - 2013-03-02 00:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 22:20 - 2013-03-01 23:57 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 22:20 - 2013-03-01 23:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-10 22:20 - 2013-02-28 23:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 22:20 - 2013-02-15 02:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 22:20 - 2013-02-15 02:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 22:20 - 2013-02-15 02:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 22:20 - 2013-02-15 00:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 22:20 - 2013-02-15 00:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 22:20 - 2013-02-14 23:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 22:20 - 2013-02-12 00:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
2013-04-10 22:20 - 2013-02-12 00:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb80236.sys
2013-04-10 22:20 - 2013-02-12 00:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-04-10 22:20 - 2012-03-01 02:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2013-04-10 22:20 - 2012-03-01 02:38 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-04-10 22:20 - 2012-03-01 02:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-04-10 22:20 - 2012-03-01 02:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2013-04-10 22:20 - 2012-03-01 01:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-04-10 22:20 - 2012-03-01 01:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-04-10 22:20 - 2012-03-01 01:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-04-10 22:19 - 2013-03-19 02:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 22:19 - 2013-03-19 01:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 22:19 - 2013-03-19 01:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 22:19 - 2013-03-19 01:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 22:19 - 2013-03-19 00:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 22:19 - 2013-03-18 23:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-05 00:57 - 2013-04-05 00:57 - 00000000 ____D C:\Users\Will\AppData\Roaming\Reallusion
2013-04-03 23:16 - 2013-04-03 23:16 - 00037016 ____A C:\Users\Will\Desktop\Christian!.m3u
2013-04-03 01:40 - 2013-04-24 11:10 - 00000000 ____D C:\Program Files (x86)\AIO Remote Server 3.3.0
2013-04-02 11:30 - 2012-09-12 15:20 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2013-03-31 22:59 - 2013-04-02 23:51 - 00001275 ____A C:\Users\Will\Desktop\PlayBook.lnk
2013-03-31 22:59 - 2013-03-31 22:59 - 00001275 ____A C:\Users\Will\Desktop\Z10.lnk

==================== One Month Modified Files and Folders =======

2013-04-30 14:31 - 2012-12-30 13:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-30 14:30 - 2013-04-30 14:30 - 01711910 ____A (Farbar) C:\Users\Will\Desktop\FRST64.exe
2013-04-30 14:30 - 2012-12-30 14:05 - 00000000 ____D C:\Users\Will\AppData\Roaming\uTorrent
2013-04-30 14:27 - 2012-12-30 13:16 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-30 14:21 - 2012-12-31 02:11 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-455076798-2003615711-3225100669-1000UA.job
2013-04-30 14:14 - 2012-12-31 02:13 - 00000000 ____D C:\Users\Will\AppData\Roaming\Skype
2013-04-30 13:39 - 2013-04-29 17:20 - 00019344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-30 13:39 - 2013-04-29 17:20 - 00019344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-30 13:03 - 2012-12-30 14:00 - 00000000 ____D C:\Users\Will\AppData\Roaming\vlc
2013-04-30 11:56 - 2012-12-30 14:26 - 00000000 ____D C:\Users\Will\AppData\Roaming\mIRC
2013-04-30 11:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-30 11:51 - 2012-12-30 12:41 - 01288559 ____A C:\Windows\WindowsUpdate.log
2013-04-30 11:49 - 2013-02-09 01:45 - 00000000 ____D C:\Users\Will\AppData\Local\Windows Live
2013-04-30 11:34 - 2013-02-21 01:58 - 00033125 ____A C:\Windows\setupact.log
2013-04-30 11:34 - 2013-02-18 17:42 - 00000000 ____D C:\Users\Will\AppData\Roaming\Box Sync
2013-04-30 11:34 - 2013-01-13 23:53 - 00000000 ___SD C:\Users\Will\Desktop\Google Drive
2013-04-30 11:34 - 2012-12-30 16:52 - 00000000 ___RD C:\Users\Will\Desktop\Dropbox
2013-04-30 11:34 - 2012-12-30 16:51 - 00000000 ____D C:\Users\Will\AppData\Roaming\Dropbox
2013-04-30 11:34 - 2012-12-30 14:26 - 00000000 ____D C:\Program Files (x86)\mIRC
2013-04-30 11:34 - 2012-12-30 13:16 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-30 11:34 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-30 00:21 - 2012-12-31 02:11 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-455076798-2003615711-3225100669-1000Core.job
2013-04-29 17:20 - 2013-04-29 17:20 - 00000552 ____A C:\Windows\System32\spsys.log
2013-04-29 17:01 - 2013-04-29 17:01 - 00000000 ____D C:\FRST
2013-04-29 16:57 - 2013-02-24 21:08 - 00003898 ____A C:\Windows\PFRO.log
2013-04-29 16:39 - 2013-04-29 16:39 - 00000000 ____D C:\Users\Will\AppData\Roaming\Malwarebytes
2013-04-29 16:30 - 2013-04-29 16:30 - 00000000 ____D C:\Users\Will\AppData\Roaming\Replay Media Catcher 4
2013-04-29 11:49 - 2013-02-11 01:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-28 23:32 - 2013-01-01 05:41 - 00000000 ____D C:\Users\Will\AppData\Local\Research In Motion
2013-04-28 23:30 - 2013-04-28 23:30 - 00000000 ____D C:\Users\Will\Documents\BLACKBERRY-D152
2013-04-27 07:48 - 2013-02-27 17:21 - 00007168 ____A C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-27 02:16 - 2013-02-11 01:04 - 00051355 ____A C:\Windows\SysWOW64\muzika.xm
2013-04-26 13:38 - 2013-04-26 13:38 - 00002533 ____A C:\Users\Will\Desktop\Examen Final.txt
2013-04-24 18:01 - 2013-03-05 09:24 - 00000024 ____A C:\Windows\SysWOW64\wan.pcap
2013-04-24 18:00 - 2012-12-30 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-24 17:59 - 2013-04-24 17:59 - 00001485 ____A C:\Users\Will\Desktop\More Love and Arabic.m3u
2013-04-24 17:59 - 2013-04-24 17:56 - 00000048 ___SH C:\Windows\S182DC2D0.tmp
2013-04-24 17:58 - 2013-04-24 17:58 - 00000000 ____D C:\Users\Will\Documents\AnyDVDHD
2013-04-24 17:56 - 2013-04-24 17:55 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-04-24 11:55 - 2013-03-06 12:53 - 00000000 ____A C:\Users\Will\Documents\RIMPTG
2013-04-24 11:10 - 2013-04-03 01:40 - 00000000 ____D C:\Program Files (x86)\AIO Remote Server 3.3.0
2013-04-23 23:25 - 2013-04-23 22:06 - 00000000 ____D C:\Users\Will\AppData\Roaming\Notepad++
2013-04-23 22:06 - 2013-04-23 22:06 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-04-23 22:05 - 2013-04-23 22:05 - 05940700 ____A C:\Users\Will\Downloads\npp.6.3.2.Installer.exe
2013-04-22 23:57 - 2013-04-22 23:59 - 106010153 ____A C:\Users\Will\Desktop\Chabibe - Chromatic.mp4
2013-04-20 14:21 - 2012-12-30 13:17 - 00000000 ____D C:\Users\Will\AppData\Roaming\Mozilla
2013-04-20 00:59 - 2013-02-18 17:42 - 00001523 ____A C:\Users\Will\Desktop\My Box Files.lnk
2013-04-20 00:59 - 2013-02-18 17:41 - 00000000 ____D C:\Program Files\Box Sync
2013-04-20 00:59 - 2013-02-18 17:40 - 00000000 ____D C:\Users\Will\AppData\Local\Box Sync
2013-04-19 01:10 - 2013-02-21 01:59 - 00007620 ____A C:\Users\Will\AppData\Local\Resmon.ResmonCfg
2013-04-17 23:47 - 2013-04-17 23:47 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-17 23:47 - 2013-03-06 00:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-04-15 21:29 - 2013-04-15 21:29 - 00000000 ____D C:\Users\Will\Documents\BLACKBERRY-FF7F
2013-04-13 00:32 - 2013-04-12 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-12 18:40 - 2013-01-07 20:30 - 00000000 ____D C:\Users\Will\AppData\Roaming\Nitro PDF
2013-04-12 18:31 - 2013-04-12 18:31 - 13475464 ____A (Microsoft Corporation) C:\Users\Will\Downloads\mseinstall.exe
2013-04-11 02:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-04-10 23:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-10 23:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-04-10 23:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-04-10 23:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-04-10 23:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-04-10 23:22 - 2013-04-10 23:20 - 00008315 ____A C:\Windows\IE10_main.log
2013-04-10 23:13 - 2013-04-10 23:13 - 00000000 ____D C:\Windows\pss
2013-04-10 22:49 - 2013-04-10 22:49 - 00002947 ____A C:\Windows\IE9_main.log
2013-04-10 22:41 - 2013-02-13 11:38 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-10 22:41 - 2013-01-09 12:32 - 00769594 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-04-10 22:32 - 2012-12-30 13:27 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-10 22:32 - 2012-12-30 13:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-10 22:31 - 2013-01-05 18:05 - 00000000 ___RD C:\Users\Will\Podcasts
2013-04-10 22:30 - 2009-07-14 00:45 - 00293912 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-10 22:30 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-04-06 01:23 - 2013-02-18 17:42 - 00000000 ____D C:\Users\Will\Documents\My Box Files
2013-04-05 13:10 - 2013-01-09 21:36 - 00000000 ____D C:\Users\Will\AppData\Roaming\Audacity
2013-04-05 00:57 - 2013-04-05 00:57 - 00000000 ____D C:\Users\Will\AppData\Roaming\Reallusion
2013-04-04 05:35 - 2013-04-17 23:47 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-04 05:30 - 2013-04-17 23:47 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-04 05:29 - 2013-04-17 23:47 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-03 23:16 - 2013-04-03 23:16 - 00037016 ____A C:\Users\Will\Desktop\Christian!.m3u
2013-04-02 23:51 - 2013-03-31 22:59 - 00001275 ____A C:\Users\Will\Desktop\PlayBook.lnk
2013-04-02 11:30 - 2013-03-17 12:20 - 00000000 ____D C:\Program Files\Windows Live
2013-04-02 11:30 - 2013-02-09 01:45 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-03-31 22:59 - 2013-03-31 22:59 - 00001275 ____A C:\Users\Will\Desktop\Z10.lnk

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-455076798-2003615711-3225100669-1000\$a9f9078a08c74a496d9548af726f9ca9

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$a9f9078a08c74a496d9548af726f9ca9

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-04-24 01:30

==================== End Of Log ============================

ADDITION.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2013 01
Ran by Will at 2013-04-30 14:31:18 Run:
Running from C:\Users\Will\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 1.8.5)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Advanced Audio FX Engine (Version: 1.12.05)
AIO Remote Server 3.3.0
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AnyDVD
Audacity 2.0.2 (Version: 2.0.2)
AVG 2013 (Version: 13.0.3162)
AVG 2013 (Version: 13.0.3272)
AVG 2013 (Version: 2013.0.3272)
BlackBerry 10 Dev Alpha Simulator (Version: 10.0.0.0)
BlackBerry 10 Native SDK 10.0.9 (Version: 10.0.9.0)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.37)
BlackBerry Device Manager 7.0 (Version: 7.0.0.40)
BlackBerry Link (Version: 1.1.0.33)
BlackBerry Native Plug-in for Microsoft Visual Studio (Version: 0.3.0008)
BlueJ (Version: 3.0.8)
BlueStacks App Player (Version: 0.7.9.860)
BlueStacks Notification Center (Version: 0.7.9.860)
Box Sync (64 bit) (Version: 3.4.20.0)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 14.2.4.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485)
CCC Help Czech (Version: 2012.1219.1520.27485)
CCC Help Danish (Version: 2012.1219.1520.27485)
CCC Help Dutch (Version: 2012.1219.1520.27485)
CCC Help English (Version: 2012.1219.1520.27485)
CCC Help Finnish (Version: 2012.1219.1520.27485)
CCC Help French (Version: 2012.1219.1520.27485)
CCC Help German (Version: 2012.1219.1520.27485)
CCC Help Greek (Version: 2012.1219.1520.27485)
CCC Help Hungarian (Version: 2012.1219.1520.27485)
CCC Help Italian (Version: 2012.1219.1520.27485)
CCC Help Japanese (Version: 2012.1219.1520.27485)
CCC Help Korean (Version: 2012.1219.1520.27485)
CCC Help Norwegian (Version: 2012.1219.1520.27485)
CCC Help Polish (Version: 2012.1219.1520.27485)
CCC Help Portuguese (Version: 2012.1219.1520.27485)
CCC Help Russian (Version: 2012.1219.1520.27485)
CCC Help Spanish (Version: 2012.1219.1520.27485)
CCC Help Swedish (Version: 2012.1219.1520.27485)
CCC Help Thai (Version: 2012.1219.1520.27485)
CCC Help Turkish (Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 3.26)
CloneDVD2
Content Manager Assistant for PlayStation® (Version: 2.00.5976.25)
Creative Live! Cam Socialize HD AF / ZiiCam (VF0690) (1.01.01.00)
Creative Live! Central 3 (Version: 3.00.24)
Creative Software AutoUpdate (Version: 1.41)
Creative System Information (Version: 1.10)
D3DX10 (Version: 15.4.2368.0902)
Defraggler (Version: 2.13)
Dropbox (Version: 1.6.18)
Eraser 6.0.10.2620 (Version: 6.0.2620)
eReg (Version: 1.20.138.34)
erLT (Version: 1.20.0137)
F.lux
Google Chrome (Version: 26.0.1410.64)
Google Drive (Version: 1.8.4357.4863)
Google Talk (remove only)
Google Talk Plugin (Version: 3.18.1.12731)
Google Update Helper (Version: 1.3.21.135)
HL-2270DW (Version: 1.0.7.0)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
Java 7 Update 10 (64-bit) (Version: 7.0.100)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java SE Development Kit 7 Update 10 (64-bit) (Version: 1.7.0.100)
Junk Mail filter update (Version: 16.4.3505.0912)
Logitech SetPoint 6.51 (Version: 6.51.8)
Magic ISO Maker v5.5 (build 0272)
Magic ISO Maker v5.5 (build 0281)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
mIRC (Version: 7.1)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Multimedia Card Reader (Version: 1.7.915.93)
Nitro Pro 7 (Version: 7.5.0.15)
Notepad++ (Version: 6.3.2)
PowerISO
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
Skype™ 6.3 (Version: 6.3.105)
Splashtop Software Updater (Version: 1.5.6.10)
Splashtop Streamer (Version: 2.2.5.1)
Steam (Version: 1.0.0.0)
The Weather Network (Version: 6.0.1.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.5 (Version: 2.0.5)
VMware Player (Version: 5.0.1)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
YTD Video Downloader 4.0 (Version: 4.0)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points  =========================

20-04-2013 04:59:16 Installed Box Sync (64 bit)
24-04-2013 21:55:19 Install CloneDVD2
24-04-2013 21:55:58 Install AnyDVD
26-04-2013 13:24:59 Installed BlackBerry Link.
29-04-2013 21:21:10 Windows Update
29-04-2013 22:00:26 Windows Anytime Upgrade
30-04-2013 05:00:33 Windows Update

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2013 11:34:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2013 11:34:08 AM) (Source: vmauthd) (User: )
Description: 2013-04-30T11:34:08.632-04:00| vthread-4| E105: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (04/30/2013 11:34:01 AM) (Source: vmauthd) (User: )
Description: 2013-04-30T11:34:01.877-04:00| vthread-4| E105: RegQueryValueEx returned 2, err = 2

Error: (04/30/2013 01:14:32 AM) (Source: vmauthd) (User: )
Description: 2013-04-30T01:14:32.840-04:00| vthread-4| E105: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (04/30/2013 01:14:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2013 01:14:27 AM) (Source: vmauthd) (User: )
Description: 2013-04-30T01:14:27.536-04:00| vthread-4| E105: RegQueryValueEx returned 2, err = 2

Error: (04/30/2013 01:01:24 AM) (Source: MsiInstaller) (User: Will-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}

Error: (04/29/2013 09:27:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2013 09:27:34 PM) (Source: vmauthd) (User: )
Description: 2013-04-29T21:27:34.507-04:00| vthread-4| E105: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (04/29/2013 09:27:27 PM) (Source: vmauthd) (User: )
Description: 2013-04-29T21:27:27.892-04:00| vthread-4| E105: RegQueryValueEx returned 2, err = 2


System errors:
=============
Error: (04/30/2013 01:55:53 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (04/30/2013 01:54:53 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (04/30/2013 11:55:57 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (04/30/2013 11:55:57 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (04/30/2013 11:54:33 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (04/30/2013 11:54:20 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (04/30/2013 11:54:20 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (04/30/2013 11:36:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2799926).

Error: (04/30/2013 11:36:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB982018).

Error: (04/30/2013 11:36:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a90: Security Update for Windows 7 for x64-based Systems (KB2532531).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 8174.45 MB
Available physical RAM: 3722.46 MB
Total Pagefile: 12268.63 MB
Available Pagefile: 6862.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:68.85 GB) NTFS (Disk=0 Partition=2)
Drive d: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.64 GB) NTFS (Disk=1 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:919.22 GB) (Free:498.77 GB) NTFS (Disk=1 Partition=3)

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          111 GB      0 B         
  Disk 1    Online          931 GB      0 B         
  Disk 2    No Media           0 B      0 B         
  Disk 3    No Media           0 B      0 B         
  Disk 4    No Media           0 B      0 B         
  Disk 5    No Media           0 B      0 B         

Partitions of Disk 0:
===============

Disk ID: 203D854D

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            111 GB   101 MB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System (partition with boot components)  

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    111 GB  Healthy    Boot    

=========================================================

Partitions of Disk 1:
===============

Disk ID: 77E3ED41

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary             12 GB    40 MB
  Partition 3    Primary            919 GB    12 GB

==================================================================================

Disk: 1
Partition 1
Type  : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 1
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   RECOVERY     NTFS   Partition     12 GB  Healthy            

=========================================================

Disk: 1
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     E                NTFS   Partition    919 GB  Healthy    Pagefile

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 203D854D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

====================================================================
Disk: 1 (Size: 932 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919 GB) - (Type=07 NTFS)

#6 Farbar (Security Developer)

Posted 30 April 2013 - 02:03 PM

Duplicate post.


Edited by Farbar, 30 April 2013 - 02:04 PM.


#7 Farbar (Security Developer)

Posted 30 April 2013 - 02:03 PM

The system is not clean yet and we need to disinfect it properly.

 

Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached Files


Edited by Farbar, 30 April 2013 - 02:05 PM.


#8 WillyMill

WillyMill
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 30 April 2013 - 02:10 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-04-2013 01
Ran by Will at 2013-04-30 15:09:02 Run:2
Running from C:\Users\Will\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Not found.
C:\rundll32.exe => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-455076798-2003615711-3225100669-1000\$a9f9078a08c74a496d9548af726f9ca9 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$a9f9078a08c74a496d9548af726f9ca9 => Moved successfully.

==== End of Fixlog ====

 

 

 

It says moved, but where did it move both files?



#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:20 AM

Posted 30 April 2013 - 02:48 PM

It says moved, but where did it move both files?

They are moved to the quarantine folder of FRST; we will remove them at the end.

 

Open your Malwarebytes' Anti-Malware.

  • First update it, to do that under the Update tab press "Check for Updates".
  • Under Scanner tab select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

 



#10 WillyMill

WillyMill
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 30 April 2013 - 02:50 PM

I'll be back later. Got uni classes (programming).

 

Thanks for your help until now!


Edited by WillyMill, 30 April 2013 - 02:50 PM.


#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:20 AM

Posted 30 April 2013 - 02:58 PM

Thanks for letting me know. Please take your time and post the log when ready.



#12 WillyMill

WillyMill
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 30 April 2013 - 09:13 PM

Here is the log of Malwarebytes.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.30.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Will :: WILL-PC [administrator]

30/04/2013 10:11:16 PM
mbam-log-2013-04-30 (22-11-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214136
Time elapsed: 1 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:20 AM

Posted 01 May 2013 - 05:16 AM

  • You have the latest version of Java (Java 7 Update 21) and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please uninstall the following:

    Java 7 Update 10 (64-bit)   

  • Run CCleaner (make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked except for saved passwords. Under System, check Empty Recycle Bin and Temporary Files.
    Under the Applications tab all the boxes should be checked except any option to remove saved passwords.)

  • I see internet explorer is set to use a proxy:
     

    ProxyServer: http=127.0.0.1:8777;https=127.0.0.1:8777;

    Please tell me if this is something you have deliberately set yourself.
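The proxy line Farbar quotes above is the WinINET ProxyServer value that Internet Explorer (and every program that uses the WinINET stack) stores under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings. A proxy at 127.0.0.1 means some process on the same machine is sitting between the browser and the network, which is exactly what an adware or traffic-hijacking component does. The script below is an added example, not part of the original thread or of FRST: it parses the ProxyServer string format (either a bare host:port that applies to every scheme, or a semicolon-separated list of scheme=host:port entries), flags any entry that points at the loopback interface, and, when run on Windows, reads the live per-user value with the standard winreg module. The sample value is copied from the post above, not read from a machine; SAMPLE_PROXY_VALUE and the function names are this example's own.

```python
"""Parse and sanity-check a WinINET ProxyServer value.

Added example (not from the original thread or from FRST). Registry
access is optional and only works on Windows; everything else runs
anywhere.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample: the value quoted in the post above, not read from a live host.
SAMPLE_PROXY_VALUE = "http=127.0.0.1:8777;https=127.0.0.1:8777;"

# Schemes a bare "host:port" value applies to.
SCHEMES = ("http", "https", "ftp", "socks")


def _split_hostport(hostport: str) -> Tuple[str, Optional[int]]:
    """Split 'host:port', '[v6]:port' or 'scheme://host:port' into (host, port)."""
    hostport = hostport.strip()
    if "://" in hostport:                      # tolerate a scheme prefix
        hostport = hostport.split("://", 1)[1]
    if hostport.startswith("["):               # bracketed IPv6 literal
        host, _, rest = hostport[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else ""
    else:
        host, _, port = hostport.rpartition(":")
        if not host:                           # no colon at all: whole thing is the host
            host, port = port, ""
    try:
        return host, int(port) if port else None
    except ValueError:
        return host, None


def parse_proxy_server(value: str) -> Dict[str, Tuple[str, Optional[int]]]:
    """Return {scheme: (host, port)} for a WinINET ProxyServer string."""
    result: Dict[str, Tuple[str, Optional[int]]] = {}
    for entry in (e.strip() for e in value.split(";")):
        if not entry:
            continue                           # trailing ';' leaves an empty entry
        if "=" in entry:
            scheme, _, hostport = entry.partition("=")
            schemes = [scheme.strip().lower()]
        else:
            schemes, hostport = list(SCHEMES), entry
        host, port = _split_hostport(hostport)
        for s in schemes:
            result[s] = (host, port)
    return result


def is_loopback_or_local(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the usual localhost names."""
    if host.lower() in ("localhost", "localhost.localdomain"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def flag_suspicious(proxies: Dict[str, Tuple[str, Optional[int]]]) -> List[str]:
    """Findings worth asking the user about, one per loopback proxy entry.

    Legitimate software (debugging proxies, some AV web filters) also
    installs a local proxy, so this is a question, not a verdict.
    """
    findings = []
    for scheme, (host, port) in sorted(proxies.items()):
        if is_loopback_or_local(host):
            findings.append(f"{scheme}: proxy {host}:{port} is on this machine; "
                            f"check which process listens on port {port}")
    return findings


def read_ie_proxy_from_registry() -> Optional[Dict[str, str]]:
    """Read the live per-user WinINET settings; returns None off Windows."""
    try:
        import winreg
    except ImportError:
        return None
    key_path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    out: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                out[name] = str(winreg.QueryValueEx(key, name)[0])
            except FileNotFoundError:
                pass                           # value simply not present
    return out


if __name__ == "__main__":
    live = read_ie_proxy_from_registry()
    value = live.get("ProxyServer", "") if live else SAMPLE_PROXY_VALUE
    for line in flag_suspicious(parse_proxy_server(value)) or ["no loopback proxy configured"]:
        print(line)
```

Two things to keep in mind when reading the output. The ProxyServer value is only in effect when ProxyEnable under the same key is 1, so a ProxyServer string can be present while the Internet Options dialog shows nothing, which is consistent with what the poster reports below. And the value lives under HKCU, so it belongs to the user profile that was scanned; a different account on the same machine can have a different, clean setting. To find out what is actually listening on the port, run `netstat -ano | findstr :8777` from an elevated prompt and look up the PID in Task Manager.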



#14 WillyMill

WillyMill
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 03 May 2013 - 01:25 PM

Sorry for the late reply.

 

I cleaned it but I did not set the proxy. I don't use Internet Explorer anyways and when I look in my internet explorer settings, nothing is set, so I don't know how it was set...



#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:20 AM

Posted 03 May 2013 - 03:01 PM

So we remove the proxy settings in Internet Explorer and remove those files that we moved to quarantine.

 

Please download the attached fixlist.txt file.
Save it to the same directory where FRST is located.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.





