Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit.0Access


  • This topic is locked This topic is locked
23 replies to this topic

#1 habs1998

habs1998

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:upstate ny
  • Local time:12:44 AM

Posted 23 May 2013 - 10:02 AM

(Windows 7, Internet Explorer 10)

My mother's computer kept locking up and the zoom level was either 99% or 149%, and when trying to change it back to normal settings it would go back to 99/149%. When it locks up a hand icon would come up to allow the screen to be moved up/down but that's it.

 

I used AVG Virus/Anti-root, Malwarebytes, Spybot, TDSSKiller, & SuperAntiSpyware and got this:

Files Detected: 1
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir (Rootkit.0Access) -> Quarantined and deleted successfully.

 

It ran fine for about a day, but now it's locked up again.  So I ran all the anti-ware stuff again in safe=mode & nothing came up. But it still is locking up.
 

 



BC AdBot (Login to Remove)

 


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:01:44 AM

Posted 25 May 2013 - 03:34 PM

HI habs1998,
 
:welcome: to Bleeping Computer.
My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.
Some things to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Receive Notification Immediately and then click Follow This Topic and you will be sent an email once I have posted a response and make the cleaning process faster.
 

Note to others: The instructions here are intended for the person who began this topic.  If you need help, please create your own topic in the appropriate forum.

 

 

It appears Combofix has been run in the past.  Please post the latest Combofix log, it should be located at C:\Combofix.txt


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:01:44 AM

Posted 29 May 2013 - 04:31 PM

Hi habs1998,
 
It has been four days since my last post. Do you still need help?
 
If you do, please follow my previous instructions. :thumbup2:


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#4 habs1998

habs1998
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:upstate ny
  • Local time:12:44 AM

Posted 31 May 2013 - 02:15 AM

Yes. I'm sorry, I was away for a while.....what can I do, going forward?



#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:01:44 AM

Posted 31 May 2013 - 11:43 AM

It appears Combofix has been run in the past.  Please post the latest Combofix log, it should be located at C:\Combofix.txt


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#6 habs1998

habs1998
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:upstate ny
  • Local time:12:44 AM

Posted 02 June 2013 - 03:26 PM

ComboFix 12-03-28.01 - Jane 04/02/2012  14:07:23.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.3205 [GMT -4:00]
Running from: c:\users\Jane\Desktop\Spyware\Combo.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Jane\Desktop\System Check.lnk
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-03-02 to 2012-04-02  )))))))))))))))))))))))))))))))
.
.
2012-03-26 17:56 . 2012-03-26 17:56 361472 ---ha-w- c:\programdata\wjuywwPXUIoj7h.exe
2012-03-26 16:28 . 2012-03-26 16:28 455680 ---ha-w- c:\programdata\KvAvALPQoU.exe
2012-03-26 16:24 . 2012-03-26 16:24 455680 ---ha-w- c:\programdata\NpPsmUnXNYwov.exe
2012-03-25 17:51 . 2012-03-25 19:11 -------- d--h--w- c:\users\Jane\AppData\Roaming\Gyeqhu
2012-03-25 17:51 . 2012-03-25 18:13 -------- d--h--w- c:\users\Jane\AppData\Roaming\Syem
2012-03-22 14:33 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-22 14:32 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-22 14:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-19 16:22 . 2012-03-19 16:22 -------- d--h--w- c:\windows\Sun
2012-03-19 14:24 . 2012-03-19 14:24 5120 ---ha-w- c:\programdata\Microsoft\Windows\DRM\CC.tmp
2012-03-19 14:24 . 2012-03-19 14:24 5120 ---ha-w- c:\programdata\Microsoft\Windows\DRM\CB.tmp
2012-03-13 22:57 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 22:57 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:57 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 22:57 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:57 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 22:57 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:57 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-15 00:18 . 2011-04-26 18:25 737072 ---ha-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-04 10:44 . 2012-02-16 18:53 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 18:53 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 17:00 1869152 ---ha-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-24 98488]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"NpPsmUnXNYwov.exe"="c:\programdata\NpPsmUnXNYwov.exe" [2012-03-26 455680]
"KvAvALPQoU.exe"="c:\programdata\KvAvALPQoU.exe" [2012-03-26 455680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
"STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2010-08-11 120032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-04-24 02:17 147640 ---ha-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli FAPassSync
Security Packages REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellOSDservice;DellOSDservice;c:\program files\Dell\OSD\DellOSDservice.exe [2010-07-06 7168]
R2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-24 2412728]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79aa2def-2714-11e0-8969-842b2b8155b5}]
\shell\AutoRun\command - F:\StartClickFreeBackup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2012-03-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.237.161.12 71.250.0.12 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-236001926-1612772438-3418181138-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-236001926-1612772438-3418181138-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-02  14:25:37 - machine was rebooted
ComboFix-quarantined-files.txt  2012-04-02 18:25
.
Pre-Run: 421,903,417,344 bytes free
Post-Run: 423,320,764,416 bytes free
.
- - End Of File - - B64D87C05E1709845D94D1AD5EA7FEA1


#7 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:01:44 AM

Posted 02 June 2013 - 07:51 PM

Please download a NEW version of Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:01:44 AM

Posted 06 June 2013 - 02:59 PM

habs1998,
 
It has been four days since my last post. Do you still need help?
 
If you do, please follow my previous instructions. :thumbup2:


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#9 habs1998

habs1998
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:upstate ny
  • Local time:12:44 AM

Posted 08 June 2013 - 07:29 PM

My apologies for taking so long....its my mothers computer and i'm not around very much to take care of it there...

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.06.08.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jane :: JANE-PC [administrator]
 
6/8/2013 6:44:17 PM
mbam-log-2013-06-08 (18-44-17).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 544231
Time elapsed: 1 hour(s), 35 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

Ran Chameleon as well and nothing came from that either.



#10 habs1998

habs1998
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:upstate ny
  • Local time:12:44 AM

Posted 08 June 2013 - 07:36 PM

Using Chameleon:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.06.08.06
 
Windows 7 Service Pack 1 x64 FAT
Internet Explorer 9.0.8112.16421
Jane :: JANE-PC [administrator]
 
6/8/2013 8:29:57 PM
mbam-log-2013-06-08 (20-29-57).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237950
Time elapsed: 4 minute(s), 43 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#11 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:01:44 AM

Posted 10 June 2013 - 12:49 PM

How is the computer running now?  Please be as descriptive as possible.


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#12 habs1998

habs1998
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:upstate ny
  • Local time:12:44 AM

Posted 11 June 2013 - 02:55 AM

Still the same.  Nothng has changed. 

- Go onto IE and when you try to access a link it instantly locks up to where a hand icon would come up to allow the screen to be moved up/down the computer screen, but that's it.

 

- Also, when entering IE, the screen percentage is at 99%. when trying to go to 100%, it reverts to 99%. When trying to go to 150% it reverts to 149%. 



#13 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:01:44 AM

Posted 11 June 2013 - 12:20 PM

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#14 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:01:44 AM

Posted 14 June 2013 - 10:15 AM

habs1998,
 
It has been three days since my last post. Do you still need help?
 
If you do, please follow my previous instructions. :thumbup2:
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#15 habs1998

habs1998
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:upstate ny
  • Local time:12:44 AM

Posted 16 June 2013 - 09:16 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 
Ran by Jane (administrator) on 16-06-2013 10:13:16
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
MountPoints2: {79aa2def-2714-11e0-8969-842b2b8155b5} - F:\StartClickFreeBackup.exe
HKLM-x32\...\Run: [FAStartup]  [x]
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [98488 2011-04-23] (Sensible Vision )
HKU\Administrator\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2013-04-30] (SUPERAntiSpyware.com)
Lsa: [Notification Packages] scecli FAPassSync
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKCU SearchScopes: DefaultScope {6F693B5F-8EB1-4B2F-B112-D4DC86F625F2} URL = 
SearchScopes: HKCU - {6F693B5F-8EB1-4B2F-B112-D4DC86F625F2} URL = 
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Face recognition web login for FastAccess - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Face recognition web login for FastAccess - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/bingame/rock/default/popcaploader1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Jane\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files (x86)\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files (x86)\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files (x86)\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
 
==================== Services (Whitelisted) =================
 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R2 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [10224 2009-06-23] (Sonic Solutions)
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-06-19] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 Cdr4_2K; No ImagePath
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-15 19:01 - 2013-06-15 19:01 - 00000000 ____D C:\FRST
2013-06-15 17:41 - 2013-06-15 17:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-15 17:39 - 2013-06-15 17:39 - 00003635 ____A C:\AdwCleaner[S1].txt
2013-06-15 17:38 - 2013-06-15 17:38 - 00003516 ____A C:\AdwCleaner[R1].txt
2013-06-13 10:32 - 2013-06-13 10:32 - 03186233 ____A C:\Users\Jane\Downloads\Outlook (7).zip
2013-06-12 19:39 - 2013-05-16 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:39 - 2013-05-16 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 19:39 - 2013-05-16 22:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 19:39 - 2013-05-16 22:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 19:39 - 2013-05-16 22:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 19:39 - 2013-05-16 22:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 19:39 - 2013-05-16 18:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 19:39 - 2013-05-16 18:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 19:39 - 2013-05-16 18:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-12 19:39 - 2013-05-16 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-12 19:39 - 2013-05-16 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 19:39 - 2013-05-16 18:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 19:39 - 2013-05-16 18:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 19:38 - 2013-05-17 00:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 19:38 - 2013-05-16 23:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 19:38 - 2013-05-16 23:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:38 - 2013-05-16 23:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 19:38 - 2013-05-16 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 19:38 - 2013-05-16 22:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:38 - 2013-05-16 22:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 19:38 - 2013-05-16 22:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:38 - 2013-05-16 22:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:38 - 2013-05-16 22:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 19:38 - 2013-05-16 19:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 19:38 - 2013-05-16 18:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 19:38 - 2013-05-16 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 19:38 - 2013-05-16 18:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 19:38 - 2013-05-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-12 19:38 - 2013-05-16 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 19:38 - 2013-05-16 18:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 19:38 - 2013-05-16 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 19:38 - 2013-05-16 18:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 17:42 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:42 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:42 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:42 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:42 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:42 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:42 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:42 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:42 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:42 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:42 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:42 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:42 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:42 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:42 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:42 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:42 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:42 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:42 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-10 13:35 - 2013-06-15 17:30 - 00000000 ____D C:\JRT
2013-06-10 13:35 - 2013-06-10 13:35 - 00000000 ____D C:\Windows\ERUNT
2013-06-08 18:40 - 2013-06-08 18:40 - 00000000 ____D C:\Program Files (x86)\M-A-M
2013-06-08 10:55 - 2013-06-08 10:55 - 00276197 ____A C:\Users\Jane\Downloads\Outlook (6).zip
2013-06-08 10:55 - 2013-06-08 10:55 - 00276197 ____A C:\Users\Jane\Downloads\Outlook (5).zip
2013-06-08 10:55 - 2013-06-08 10:55 - 00276197 ____A C:\Users\Jane\Downloads\Outlook (4).zip
2013-06-08 10:55 - 2013-06-08 10:55 - 00276197 ____A C:\Users\Jane\Downloads\Outlook (3).zip
2013-06-08 10:54 - 2013-06-08 10:54 - 00270970 ____A C:\Users\Jane\Downloads\Outlook (2).zip
2013-06-08 10:53 - 2013-06-08 10:53 - 00249327 ____A C:\Users\Jane\Downloads\Outlook.zip
2013-06-08 10:53 - 2013-06-08 10:53 - 00249327 ____A C:\Users\Jane\Downloads\Outlook (1).zip
2013-06-08 10:49 - 2013-06-08 10:49 - 03186111 ____A C:\Users\Jane\Downloads\IMG_0129.MOV
2013-05-29 19:54 - 2013-05-29 19:54 - 00000122 ____A C:\Users\Jane\Desktop\Home - NewsChannel 9 WSYR.url
2013-05-17 17:28 - 2013-05-17 17:28 - 00000000 ____D C:\Users\Jane\AppData\Local\Dell Edoc Viewer
 
==================== One Month Modified Files and Folders =======
 
2013-06-16 10:11 - 2009-07-14 00:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-16 10:11 - 2009-07-14 00:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-16 10:09 - 2009-07-14 01:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-16 10:08 - 2010-12-30 14:26 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-06-16 10:05 - 2010-12-25 12:32 - 00000000 ____D C:\Users\Jane\AppData\Local\SoftThinks
2013-06-16 10:04 - 2013-05-11 12:46 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-16 10:04 - 2013-05-11 12:25 - 00007000 ____A C:\Windows\setupact.log
2013-06-16 10:04 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 22:09 - 2009-07-14 01:10 - 02079560 ____A C:\Windows\WindowsUpdate.log
2013-06-15 21:17 - 2012-04-04 12:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 20:51 - 2013-05-11 12:46 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-15 20:36 - 2010-11-02 12:49 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-15 19:01 - 2013-06-15 19:01 - 00000000 ____D C:\FRST
2013-06-15 18:25 - 2010-12-25 12:32 - 00000000 ____D C:\users\Jane
2013-06-15 17:41 - 2013-06-15 17:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-15 17:39 - 2013-06-15 17:39 - 00003635 ____A C:\AdwCleaner[S1].txt
2013-06-15 17:38 - 2013-06-15 17:38 - 00003516 ____A C:\AdwCleaner[R1].txt
2013-06-15 17:30 - 2013-06-10 13:35 - 00000000 ____D C:\JRT
2013-06-13 10:32 - 2013-06-13 10:32 - 03186233 ____A C:\Users\Jane\Downloads\Outlook (7).zip
2013-06-12 19:37 - 2010-12-28 09:50 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 11:17 - 2012-04-04 12:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 11:17 - 2011-11-09 17:09 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 13:35 - 2013-06-10 13:35 - 00000000 ____D C:\Windows\ERUNT
2013-06-08 18:40 - 2013-06-08 18:40 - 00000000 ____D C:\Program Files (x86)\M-A-M
2013-06-08 12:58 - 2011-05-09 11:33 - 00000022 ____A C:\Users\Jane\Downloads\baseball schedule.zip
2013-06-08 10:55 - 2013-06-08 10:55 - 00276197 ____A C:\Users\Jane\Downloads\Outlook (6).zip
2013-06-08 10:55 - 2013-06-08 10:55 - 00276197 ____A C:\Users\Jane\Downloads\Outlook (5).zip
2013-06-08 10:55 - 2013-06-08 10:55 - 00276197 ____A C:\Users\Jane\Downloads\Outlook (4).zip
2013-06-08 10:55 - 2013-06-08 10:55 - 00276197 ____A C:\Users\Jane\Downloads\Outlook (3).zip
2013-06-08 10:54 - 2013-06-08 10:54 - 00270970 ____A C:\Users\Jane\Downloads\Outlook (2).zip
2013-06-08 10:53 - 2013-06-08 10:53 - 00249327 ____A C:\Users\Jane\Downloads\Outlook.zip
2013-06-08 10:53 - 2013-06-08 10:53 - 00249327 ____A C:\Users\Jane\Downloads\Outlook (1).zip
2013-06-08 10:49 - 2013-06-08 10:49 - 03186111 ____A C:\Users\Jane\Downloads\IMG_0129.MOV
2013-06-07 14:55 - 2013-05-11 12:47 - 00002145 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-05 15:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-02 16:20 - 2009-07-14 01:08 - 00032528 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-29 19:54 - 2013-05-29 19:54 - 00000122 ____A C:\Users\Jane\Desktop\Home - NewsChannel 9 WSYR.url
2013-05-17 17:28 - 2013-05-17 17:28 - 00000000 ____D C:\Users\Jane\AppData\Local\Dell Edoc Viewer
2013-05-17 00:05 - 2013-06-12 19:38 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-06-12 18:02
 
==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013 
Ran by Jane at 2013-06-16 10:14:08 Run:
Running from G:\
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
Accidental Damage Services Agreement (Version: 2.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
ATI Catalyst Control Center (Version: 2.010.0619.2308)
ATI Catalyst Install Manager (Version: 3.0.812.0)
AVG 2012 (Version: 12.0.3199)
AVG 2012 (Version: 12.1.2242)
AVG 2012 (Version: 2012.1.2242)
AVG PC Tuneup (Version: 10.0.0.27)
Bing Maps 3D (Version: 4.0.903.16005)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0619.2309.39726)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0619.2309.39726)
Catalyst Control Center InstallProxy (Version: 2010.0619.2309.39726)
Catalyst Control Center Localization All (Version: 2010.0619.2309.39726)
CCC Help Chinese Standard (Version: 2010.0619.2308.39726)
CCC Help Chinese Traditional (Version: 2010.0619.2308.39726)
CCC Help Czech (Version: 2010.0619.2308.39726)
CCC Help Danish (Version: 2010.0619.2308.39726)
CCC Help Dutch (Version: 2010.0619.2308.39726)
CCC Help English (Version: 2010.0619.2308.39726)
CCC Help Finnish (Version: 2010.0619.2308.39726)
CCC Help French (Version: 2010.0619.2308.39726)
CCC Help German (Version: 2010.0619.2308.39726)
CCC Help Greek (Version: 2010.0619.2308.39726)
CCC Help Hungarian (Version: 2010.0619.2308.39726)
CCC Help Italian (Version: 2010.0619.2308.39726)
CCC Help Japanese (Version: 2010.0619.2308.39726)
CCC Help Korean (Version: 2010.0619.2308.39726)
CCC Help Norwegian (Version: 2010.0619.2308.39726)
CCC Help Polish (Version: 2010.0619.2308.39726)
CCC Help Portuguese (Version: 2010.0619.2308.39726)
CCC Help Russian (Version: 2010.0619.2308.39726)
CCC Help Spanish (Version: 2010.0619.2308.39726)
CCC Help Swedish (Version: 2010.0619.2308.39726)
CCC Help Thai (Version: 2010.0619.2308.39726)
CCC Help Turkish (Version: 2010.0619.2308.39726)
ccc-core-static (Version: 2010.0619.2309.39726)
ccc-utility64 (Version: 2010.0619.2309.39726)
CCleaner (Version: 3.17)
CIR Tool Kit (Version: 2.2.2010.714)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Coupon Printer for Windows (Version: 5.0.0.3)
CyberLink YouPaint (Version: 1.2.1721)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.47)
Dell DataSafe Online (Version: 1.2.0011)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell MusicStage (Version: 1.5.402.0)
Dell PhotoStage (Version: 1.5.0.130)
Dell PhotoStage (Version: 1.5.0.19)
Dell Stage (Version: 1.4.173.0)
Dell Support Center (Version: 3.1.5907.12)
Dell Touch Software Suite Games (Version: 1.2.6.0)
Dell TouchCam (Version: 1.1.1615)
Dell VideoStage (Version: 1.0.0.0630)
DellOSD (Version: 1.1.2)
DirectX 9 Runtime (Version: 1.00.0000)
DW WLAN Card Utility (Version: 5.60.48.35)
ESET Online Scanner v3
FastAccess (Version: 2.4.97.1)
Google Chrome (Version: 27.0.1453.110)
Google Update Helper (Version: 1.3.21.145)
GoToAssist 8.0.0.514
HP Update (Version: 5.003.001.001)
Internet TV for Windows Media Center (Version: 4.2.2.0)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Touch Pack for Windows 7 (Version: 1.0.40517.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Card Reader (Version: 1.1.1817.91)
PandoraRecovery (Remove Only)
QualxServ Service Agreement (Version: 2.0.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
Roxio Burn (Version: 1.01)
Roxio Easy VHS to DVD (Version: 2.0)
Skins (Version: 2010.0619.2309.39726)
Skype™ 5.10 (Version: 5.10.116)
Spybot - Search & Destroy (Version: 1.6.2)
StickyNotes (Version: 1.0.5.0)
SUPERAntiSpyware (Version: 5.6.1012)
THX TruStudio PC (Version: 1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordPerfect Office 11 (Version: 11.0)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
# Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2008 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy
 
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
 
There are more than 1000 lines starting with "127.0.0.1"
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2013 10:13:01 AM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11a0
 
Start Time: 01ce6a9b07981fd9
 
Termination Time: 11
 
Application Path: G:\FRST64.exe
 
Report Id: d1d65e33-d68e-11e2-9241-842b2b8155b5
 
Error: (06/15/2013 07:01:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/15/2013 07:01:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/15/2013 05:41:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/15/2013 05:41:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/15/2013 05:38:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (06/16/2013 10:04:47 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Cdr4_2K
 
Error: (06/16/2013 10:04:20 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\Cdr4_2K.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/16/2013 10:04:16 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\Cdr4_2K.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/15/2013 10:01:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Cdr4_2K
 
Error: (06/15/2013 10:01:01 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\Cdr4_2K.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/15/2013 10:00:57 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\Cdr4_2K.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/15/2013 08:42:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Cdr4_2K
 
Error: (06/15/2013 08:42:34 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\Cdr4_2K.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/15/2013 08:42:29 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\Cdr4_2K.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/15/2013 07:00:32 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004
 
 
Microsoft Office Sessions:
=========================
Error: (06/16/2013 10:13:01 AM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.111a001ce6a9b07981fd911G:\FRST64.exed1d65e33-d68e-11e2-9241-842b2b8155b5
 
Error: (06/15/2013 07:01:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestG:\esetsmartinstaller_enu.exe
 
Error: (06/15/2013 07:01:36 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestG:\esetsmartinstaller_enu.exe
 
Error: (06/15/2013 05:41:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestG:\esetsmartinstaller_enu.exe
 
Error: (06/15/2013 05:41:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestG:\esetsmartinstaller_enu.exe
 
Error: (06/15/2013 05:38:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestG:\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-04-03 10:26:54.058
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Combo\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-03 10:26:53.949
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Combo\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-03 10:26:53.855
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Combo\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-03 10:26:53.746
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Combo\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-02 16:48:52.230
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Combo\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-02 16:48:52.121
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Combo\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-02 16:48:52.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Combo\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-02 16:48:51.903
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Combo\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-02 14:09:00.651
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Combo\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-02 14:09:00.542
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Combo\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 33%
Total physical RAM: 3835.95 MB
Available physical RAM: 2558.71 MB
Total Pagefile: 7670.08 MB
Available Pagefile: 5957.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:399.15 GB) NTFS (Disk=0 Partition=3)
Drive g: (KINGSTON) (Removable) (Total:1.87 GB) (Free:1.46 GB) FAT (Disk=1 Partition=1)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 46C06820)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
 
==================== End Of Log ============================





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users