
Possible infection email keeps getting hijacked


  • This topic is locked
23 replies to this topic

#1 ffinnegan24


Posted 14 November 2013 - 10:26 PM

My hotmail account keeps getting hijacked despite changing the password several times.  I have cleaned my computer using Malwarebytes and found one possibly unwanted program (wajam.a) and removed it but the problem with hotmail persists.  Will you please analyse my attached logfiles for other problems.  

Thank you,

Tom

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Server at 20:05:36 on 2013-11-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.1705 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Server\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Users\Server\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Amine Dries\Horloger\Horloger.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Users\Server\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\prevhost.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Google Update] "C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Clock Widget (HTC Home)] "C:\Program Files (x86)\HTC Home\Clock.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [GoogleChromeAutoLaunch_91658B6FF8D02E8DF32B436A15953AAA] "C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Horloger] C:\Program Files (x86)\Amine Dries\Horloger\Horloger.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
StartupFolder: C:\Users\Server\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Server\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Server\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORV~1.LNK - C:\Program Files (x86)\ColorVision\Utility\ColorVisionStartup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: LastPass - C:\Users\Server\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Server\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02468524-893B-4342-A491-C6EFFBFE1A4F} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{02468524-893B-4342-A491-C6EFFBFE1A4F} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\sv23mztk.tom\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Server\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-13 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-13 204880]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-22 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-22 378944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-3 238080]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-22 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-22 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-26 46808]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-2-12 1315728]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-8-30 558480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-10-17 112080]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-12-24 245760]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2011-11-4 58368]
S3 Spyder2;ColorVision Spyder2;C:\Windows\System32\drivers\Spyder2.sys [2007-2-13 15360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-22 1255736]
.
=============== Created Last 30 ================
.
2013-11-15 02:44:01 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4DD2A31D-2395-44E9-8161-F53C8F174A00}\offreg.dll
2013-11-15 02:40:22 388096 ----a-r- C:\Users\Server\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-15 02:40:22 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-11-14 02:21:27 -------- d-----w- C:\ProgramData\HitmanPro
2013-11-14 02:10:16 -------- d-----w- C:\Windows\ERUNT
2013-11-14 02:04:51 -------- d-----w- C:\AdwCleaner
2013-11-12 20:54:43 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-12 20:52:01 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4DD2A31D-2395-44E9-8161-F53C8F174A00}\mpengine.dll
2013-11-11 17:51:34 -------- d-----w- C:\Program Files\iPod
2013-11-11 17:51:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 17:51:33 -------- d-----w- C:\Program Files\iTunes
2013-11-11 17:51:33 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-07 00:29:57 -------- d-----w- C:\Users\Server\AppData\Roaming\Amine_Dries
2013-11-07 00:29:57 -------- d-----w- C:\Program Files (x86)\Amine Dries
2013-11-06 22:35:05 -------- d-----w- C:\Windows\Hewlett-Packard
2013-11-03 05:06:58 -------- d-----w- C:\Users\Server\AppData\Local\Help
2013-11-03 05:05:53 -------- d-----w- C:\Users\Server\AppData\Local\Downloaded Installations
2013-10-30 21:51:51 -------- d-----w- C:\Users\Server\AppData\Roaming\HpUpdate
2013-10-30 21:51:26 -------- d-----w- C:\Program Files (x86)\HP
2013-10-30 21:50:12 -------- d-----w- C:\Program Files\HP
2013-10-30 21:48:25 -------- d-----w- C:\Users\Server\AppData\Local\HP
2013-10-21 14:43:03 -------- d-----w- C:\ProgramData\Oracle
2013-10-21 14:42:55 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-21 14:36:53 -------- d-----w- C:\Users\Server\AppData\Local\Diagnostics
2013-10-19 23:21:46 -------- d-----w- C:\Program Files (x86)\Extract-XISO
.
==================== Find3M  ====================
.
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 03:12:49 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 03:12:49 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-03 20:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-30 22:10:50 11152 ----a-w- C:\Windows\SysWow64\vpncategories.dll
2013-08-30 22:10:47 34192 ----a-w- C:\Windows\SysWow64\vpnevents.dll
2013-08-30 21:53:13 52080 ----a-w- C:\Windows\System32\drivers\vpnva64-6.sys
2013-08-30 21:51:25 112080 ----a-r- C:\Windows\System32\drivers\acsock64.sys
2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-01-02 20:55:47 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 20:05:53.97 ===============
 


 


#2 HelpBot


Posted 19 November 2013 - 10:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514097 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ffinnegan24


Posted 20 November 2013 - 01:33 AM

I do still have my install disks.

Thanks

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Server at 23:29:23 on 2013-11-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.1104 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Server\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Users\Server\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\Amine Dries\Horloger\Horloger.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Users\Server\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\calc.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\nacl64.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\nacl64.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Google Update] "C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Clock Widget (HTC Home)] "C:\Program Files (x86)\HTC Home\Clock.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [GoogleChromeAutoLaunch_91658B6FF8D02E8DF32B436A15953AAA] "C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Horloger] C:\Program Files (x86)\Amine Dries\Horloger\Horloger.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
StartupFolder: C:\Users\Server\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Server\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Server\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORV~1.LNK - C:\Program Files (x86)\ColorVision\Utility\ColorVisionStartup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: LastPass - C:\Users\Server\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Server\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02468524-893B-4342-A491-C6EFFBFE1A4F} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{02468524-893B-4342-A491-C6EFFBFE1A4F} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\sv23mztk.tom\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Server\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-13 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-13 204880]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-22 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-22 378944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-3 238080]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-22 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-22 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-26 46808]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-2-12 1315728]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-8-30 558480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-10-17 112080]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-12-24 245760]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2011-11-4 58368]
S3 Spyder2;ColorVision Spyder2;C:\Windows\System32\drivers\Spyder2.sys [2007-2-13 15360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-22 1255736]
.
=============== Created Last 30 ================
.
2013-11-19 20:29:09 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3188C490-1CC8-4213-864E-4F15087E1E7F}\mpengine.dll
2013-11-15 02:40:22 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-11-14 02:21:27 -------- d-----w- C:\ProgramData\HitmanPro
2013-11-14 02:10:16 -------- d-----w- C:\Windows\ERUNT
2013-11-14 02:04:51 -------- d-----w- C:\AdwCleaner
2013-11-12 20:54:43 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-11 17:51:34 -------- d-----w- C:\Program Files\iPod
2013-11-11 17:51:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 17:51:33 -------- d-----w- C:\Program Files\iTunes
2013-11-11 17:51:33 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-07 00:29:57 -------- d-----w- C:\Users\Server\AppData\Roaming\Amine_Dries
2013-11-07 00:29:57 -------- d-----w- C:\Program Files (x86)\Amine Dries
2013-11-06 22:35:05 -------- d-----w- C:\Windows\Hewlett-Packard
2013-11-03 05:06:58 -------- d-----w- C:\Users\Server\AppData\Local\Help
2013-11-03 05:05:53 -------- d-----w- C:\Users\Server\AppData\Local\Downloaded Installations
2013-10-30 21:51:51 -------- d-----w- C:\Users\Server\AppData\Roaming\HpUpdate
2013-10-30 21:51:26 -------- d-----w- C:\Program Files (x86)\HP
2013-10-30 21:50:12 -------- d-----w- C:\Program Files\HP
2013-10-30 21:48:25 -------- d-----w- C:\Users\Server\AppData\Local\HP
2013-10-21 14:43:03 -------- d-----w- C:\ProgramData\Oracle
2013-10-21 14:42:55 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-21 14:36:53 -------- d-----w- C:\Users\Server\AppData\Local\Diagnostics
.
==================== Find3M  ====================
.
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 03:12:49 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 03:12:49 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-03 20:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-30 22:10:50 11152 ----a-w- C:\Windows\SysWow64\vpncategories.dll
2013-08-30 22:10:47 34192 ----a-w- C:\Windows\SysWow64\vpnevents.dll
2013-08-30 21:53:13 52080 ----a-w- C:\Windows\System32\drivers\vpnva64-6.sys
2013-08-30 21:51:25 112080 ----a-r- C:\Windows\System32\drivers\acsock64.sys
2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-01-02 20:55:47 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 23:29:39.94 ===============
 


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,624 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:22 PM

Posted 22 November 2013 - 09:34 AM

Greetings Tom and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 ffinnegan24


Posted 22 November 2013 - 05:39 PM

Hi Gary,

Thanks for working with me on this problem.  Unfortunately, I will be away from my computer until November 26.  If you don't mind waiting, I will post the information you want as soon as I get back.

Thanks,

Tom



#6 Oh My!


Posted 22 November 2013 - 05:41 PM

Hi Tom,

No problem at all sir. See you when you return.
Gary
 

#7 Oh My!


Posted 29 November 2013 - 11:45 AM

Greetings Tom,

Are you still with me?
Gary
 

#8 ffinnegan24


Posted 29 November 2013 - 01:51 PM

Hi Gary,  

Sorry for the delay.  Here are notepad documents you wanted.

Thanks,

Tom

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013
Ran by Server at 2013-11-29 11:48:11
Running from C:\Users\Server\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (x32 Version: 3.2.0)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Photoshop CS6 (x32 Version: 13.0.0.0)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe SVG Viewer 3.0 (x32 Version:  3.0)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70704.0230)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Bonjour (Version: 3.0.0.10)
Canon Inkjet Printer Driver Add-On Module
Canon MP Navigator EX 2.0 (x32)
Canon Utilities Solution Menu (x32)
CanoScan LiDE 200 Scanner Driver
Carbonite (x32 Version: 5.5.0 build 3621  (Oct-10-2013))
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0704.122.388)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388)
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.122.388)
Catalyst Control Center Localization All (x32 Version: 2012.0704.122.388)
CCC Help Chinese Standard (x32 Version: 2012.0704.0121.388)
CCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388)
CCC Help Czech (x32 Version: 2012.0704.0121.388)
CCC Help Danish (x32 Version: 2012.0704.0121.388)
CCC Help Dutch (x32 Version: 2012.0704.0121.388)
CCC Help English (x32 Version: 2012.0704.0121.388)
CCC Help Finnish (x32 Version: 2012.0704.0121.388)
CCC Help French (x32 Version: 2012.0704.0121.388)
CCC Help German (x32 Version: 2012.0704.0121.388)
CCC Help Greek (x32 Version: 2012.0704.0121.388)
CCC Help Hungarian (x32 Version: 2012.0704.0121.388)
CCC Help Italian (x32 Version: 2012.0704.0121.388)
CCC Help Japanese (x32 Version: 2012.0704.0121.388)
CCC Help Korean (x32 Version: 2012.0704.0121.388)
CCC Help Norwegian (x32 Version: 2012.0704.0121.388)
CCC Help Polish (x32 Version: 2012.0704.0121.388)
CCC Help Portuguese (x32 Version: 2012.0704.0121.388)
CCC Help Russian (x32 Version: 2012.0704.0121.388)
CCC Help Spanish (x32 Version: 2012.0704.0121.388)
CCC Help Swedish (x32 Version: 2012.0704.0121.388)
CCC Help Thai (x32 Version: 2012.0704.0121.388)
CCC Help Turkish (x32 Version: 2012.0704.0121.388)
ccc-utility64 (Version: 2012.0704.122.388)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.04066)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066)
Comical 0.8 (x32)
Craxtion4 (x32 Version: 4.0.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DisplayFusion 5.1.1 (x32 Version: 5.1.1.0)
Dropbox (HKCU Version: 2.0.22)
DVD Catalyst 4.2.1 (x32 Version: 4.2.1)
Estelar PDF Unlock Tool (x32 Version: 4.2)
eSupport UndeletePlus 3.0.4.918 (x32)
Extract-XISO -- GUI by Huge (x32)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
HL-2270DW (x32 Version: 1.0.7.0)
Horloger 1.0 Final (x32)
HP Deskjet 1010 series Basic Device Software (Version: 30.0.1093.41190)
HP Deskjet 1010 series Help (x32 Version: 30.0.0)
HP Update (x32 Version: 5.005.000.002)
IBM SPSS Statistics 21 (x32 Version: 21.0.0.0)
ImgBurn (x32 Version: 2.5.7.0)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
LastPass(uninstall only) (x32)
Magic ISO Maker v5.5 (build 0281) (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
OpenDNS Updater 2.2.1 (x32 Version: 2.2.1)
Paint.NET v3.5.11 (Version: 3.61.0)
PandoraRecovery (Remove Only) (x32)
Picasa 3 (x32 Version: 3.9)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602)
Shutterfly Express Uploader (x32 Version: 1.2.0)
Shutterfly Express Uploader (x32 Version: 1.2.0.0)
SketchUp Pro 8 (x32 Version: 3.0.16846)
Spyder2PRO (x32)
Stencyl (x32 Version: 1.1.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VLC Media Player (x32 Version: 1.1.11)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
XBMC (HKCU)
 
==================== Restore Points  =========================
 
29-11-2013 16:05:38 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2013-08-06 16:14 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {16596689-ECAB-481A-AF13-C0D727D73D5B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1723685602-1744827042-1274715792-1000
Task: {348E5DC4-5561-4FC7-BE0C-5FA2BA775255} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {3C3B9094-19B4-43C2-9871-D9E612899679} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {40B18ACE-EEB9-4B23-9755-53F70AB6FFDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {4F67650B-19A2-472D-8632-DA12089398BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1000UA => C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {4FEAEA8E-F007-4692-9C6B-7CBE31BAFA4A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1003Core => C:\Users\Jillana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.)
Task: {5B19948D-4E6D-44DE-BF3C-61F3BB99BC0E} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\DeviceCenter.exe [2012-06-26] (Microsoft)
Task: {6C49F84C-E65D-41DF-9454-E9D13034F1A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {87E63C78-3093-4B5B-A0F1-F1C0BB522C66} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {9E7BA8C5-8B41-4E37-9C4E-CC68C9022E72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {B7392ACD-3C81-48C2-B954-A1D6340346FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1000Core => C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {C388EC7C-D77F-4224-B6B9-D9ECEDCCC0C5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CB2382E8-42F3-4D37-8444-7A69B86304DC} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {E5452362-0BD3-4487-B528-970772CE4750} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {E9A19C1D-FB6D-4FCC-890D-02050502C0EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1003UA => C:\Users\Jillana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1000Core.job => C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1000UA.job => C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1003Core.job => C:\Users\Jillana\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1003UA.job => C:\Users\Jillana\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-07-04 00:16 - 2012-07-04 00:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-30 15:11 - 2013-08-30 15:11 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-11-28 15:56 - 2013-11-28 11:20 - 02241536 _____ () C:\Program Files\AVAST Software\Avast\defs\13112801\algo.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-07 12:25 - 2013-08-07 12:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-11-15 17:03 - 2013-11-14 04:28 - 00702416 _____ () C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-15 17:03 - 2013-11-14 04:28 - 00099792 _____ () C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-15 17:03 - 2013-11-14 04:29 - 04055504 _____ () C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-15 17:03 - 2013-11-14 04:29 - 00399312 _____ () C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-15 17:02 - 2013-11-14 04:28 - 01619408 _____ () C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-03-13 13:48 - 2013-03-13 13:48 - 24978944 _____ () C:\Users\Server\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-15 17:03 - 2013-11-14 04:29 - 13582800 _____ () C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/29/2013 09:01:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: Clock.exe, version: 3.0.622.0, time stamp: 0x4ed3847e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0xdf4
Faulting application start time: 0xClock.exe0
Faulting application path: Clock.exe1
Faulting module path: Clock.exe2
Report Id: Clock.exe3
 
Error: (11/29/2013 09:01:51 AM) (Source: .NET Runtime) (User: )
Description: Application: Clock.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at Clock.App.Main()
 
Error: (11/22/2013 03:33:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: Clock.exe, version: 3.0.622.0, time stamp: 0x4ed3847e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0xf54
Faulting application start time: 0xClock.exe0
Faulting application path: Clock.exe1
Faulting module path: Clock.exe2
Report Id: Clock.exe3
 
Error: (11/22/2013 03:33:12 PM) (Source: .NET Runtime) (User: )
Description: Application: Clock.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at Clock.App.Main()
 
Error: (11/21/2013 07:46:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: Clock.exe, version: 3.0.622.0, time stamp: 0x4ed3847e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0xf0c
Faulting application start time: 0xClock.exe0
Faulting application path: Clock.exe1
Faulting module path: Clock.exe2
Report Id: Clock.exe3
 
Error: (11/21/2013 07:46:22 AM) (Source: .NET Runtime) (User: )
Description: Application: Clock.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at Clock.App.Main()
 
Error: (11/20/2013 04:34:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: Clock.exe, version: 3.0.622.0, time stamp: 0x4ed3847e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0xf88
Faulting application start time: 0xClock.exe0
Faulting application path: Clock.exe1
Faulting module path: Clock.exe2
Report Id: Clock.exe3
 
Error: (11/20/2013 04:34:27 PM) (Source: .NET Runtime) (User: )
Description: Application: Clock.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at Clock.App.Main()
 
Error: (11/20/2013 00:59:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: Clock.exe, version: 3.0.622.0, time stamp: 0x4ed3847e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0xd64
Faulting application start time: 0xClock.exe0
Faulting application path: Clock.exe1
Faulting module path: Clock.exe2
Report Id: Clock.exe3
 
Error: (11/20/2013 00:59:33 PM) (Source: .NET Runtime) (User: )
Description: Application: Clock.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at Clock.App.Main()
 
 
System errors:
=============
Error: (11/29/2013 09:01:20 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (11/25/2013 03:44:39 AM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (11/22/2013 03:32:05 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (11/21/2013 07:45:52 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (11/20/2013 03:46:59 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:45:34 PM on 11/20/2013 was unexpected.
 
Error: (11/20/2013 03:46:54 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (11/20/2013 00:35:39 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (11/19/2013 01:24:28 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (11/18/2013 06:45:22 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (11/17/2013 02:20:28 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
 
Microsoft Office Sessions:
=========================
Error: (11/29/2013 09:01:53 AM) (Source: Application Error)(User: )
Description: Clock.exe3.0.622.04ed3847eKERNELBASE.dll6.1.7601.1822951fb1677e0434352000000000000940ddf401ceed1c4c6df3ffC:\Program Files (x86)\HTC Home\Clock.exeC:\Windows\system32\KERNELBASE.dll90323562-590f-11e3-b8a2-00241d21bcd3
 
Error: (11/29/2013 09:01:51 AM) (Source: .NET Runtime)(User: )
Description: Application: Clock.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at Clock.App.Main()
 
Error: (11/22/2013 03:33:15 PM) (Source: Application Error)(User: )
Description: Clock.exe3.0.622.04ed3847eKERNELBASE.dll6.1.7601.1822951fb1677e0434352000000000000940df5401cee7d2d0e4b662C:\Program Files (x86)\HTC Home\Clock.exeC:\Windows\system32\KERNELBASE.dll1352d398-53c6-11e3-9d12-00241d21bcd3
 
Error: (11/22/2013 03:33:12 PM) (Source: .NET Runtime)(User: )
Description: Application: Clock.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at Clock.App.Main()
 
Error: (11/21/2013 07:46:23 AM) (Source: Application Error)(User: )
Description: Clock.exe3.0.622.04ed3847eKERNELBASE.dll6.1.7601.1822951fb1677e0434352000000000000940df0c01cee6c86e1228a5C:\Program Files (x86)\HTC Home\Clock.exeC:\Windows\system32\KERNELBASE.dllb0ab73d3-52bb-11e3-81f0-00241d21bcd3
 
Error: (11/21/2013 07:46:22 AM) (Source: .NET Runtime)(User: )
Description: Application: Clock.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at Clock.App.Main()
 
Error: (11/20/2013 04:34:30 PM) (Source: Application Error)(User: )
Description: Clock.exe3.0.622.04ed3847eKERNELBASE.dll6.1.7601.1822951fb1677e0434352000000000000940df8801cee649098754abC:\Program Files (x86)\HTC Home\Clock.exeC:\Windows\system32\KERNELBASE.dll4d072b16-523c-11e3-a9bd-00241d21bcd3
 
Error: (11/20/2013 04:34:27 PM) (Source: .NET Runtime)(User: )
Description: Application: Clock.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at Clock.App.Main()
 
Error: (11/20/2013 00:59:34 PM) (Source: Application Error)(User: )
Description: Clock.exe3.0.622.04ed3847eKERNELBASE.dll6.1.7601.1822951fb1677e0434352000000000000940dd6401cee62b040d797eC:\Program Files (x86)\HTC Home\Clock.exeC:\Windows\system32\KERNELBASE.dll466841ef-521e-11e3-9ad5-00241d21bcd3
 
Error: (11/20/2013 00:59:33 PM) (Source: .NET Runtime)(User: )
Description: Application: Clock.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at Clock.App.Main()
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 67%
Total physical RAM: 4094.49 MB
Available physical RAM: 1336.42 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 4539.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.23 GB) (Free:51.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Tera1) (Fixed) (Total:931.51 GB) (Free:195.96 GB) NTFS
Drive x: (Thing 1) (Fixed) (Total:298.09 GB) (Free:295.62 GB) NTFS
Drive y: (Thing 2) (Fixed) (Total:298.09 GB) (Free:297.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 45FA45F9)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8EDF7909)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 229BF803)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8EDF790A)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by Server (administrator) on SERVER-PC on 29-11-2013 11:44:21
Running from C:\Users\Server\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Dries Amine) C:\Program Files (x86)\Amine Dries\Horloger\Horloger.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\nacl64.exe
(Dropbox, Inc.) C:\Users\Server\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\nacl64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKCU\...\Run: [Google Update] - C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-22] (Google Inc.)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7952224 2013-11-27] (Binary Fortress Software)
HKCU\...\Run: [Clock Widget (HTC Home)] - C:\Program Files (x86)\HTC Home\Clock.exe [2036736 2011-11-28] ()
HKCU\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Run: [GoogleChromeAutoLaunch_91658B6FF8D02E8DF32B436A15953AAA] - C:\Users\Server\AppData\Local\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)
HKCU\...\Run: [Horloger] - C:\Program Files (x86)\Amine Dries\Horloger\Horloger.exe [574464 2010-05-28] (Dries Amine)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\51f0faeb-1d0a-496b-b51b-10c14154d4f8.exe [180184 2013-11-23] (AVAST Software)
HKU\Jillana\...\Run: [Google Update] - C:\Users\Jillana\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-26] (Google Inc.)
HKU\Jillana\...\Run: [Clock Widget (HTC Home)] - C:\Program Files (x86)\HTC Home\Clock.exe [2036736 2011-11-28] ()
HKU\Jillana\...\Run: [AdobeBridge] - [x]
HKU\Jillana\...\Run: [OpenDNS Updater] - C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\Jillana\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
Startup: C:\Users\Jillana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Server\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Server\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{02468524-893B-4342-A491-C6EFFBFE1A4F}: [NameServer]208.67.222.222,208.67.220.220
 
FireFox:
========
FF ProfilePath: C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\9tv8rqps.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Server\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Server\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF Extension: LastPass - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\9tv8rqps.default\Extensions\support@lastpass.com
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: hxxp://fondalashay.com/blog/the-eb1-residence
CHR RestoreOnStartup: "https://www.google.com/calendar/render", "https://mail.google.com/mail/u/0/?tab=cm#inbox", "https://bay175.mail.live.com/default.aspx?id=64855&rru=inbox", "hxxp://www.feedly.com/home#latest", "https://news.google.com/nwshp?hl=en&tab=wn", "https://www.facebook.com/home.php?ref=home", "https://orgsync.com/41403/groups", "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Server\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Ad-blocker for Gmail\u2122) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo\2.8_0
CHR Extension: (Google Search) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (LastPass) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.16_0
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0
CHR Extension: (StumbleUpon) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.9.19.1_0
CHR Extension: (Google Wallet) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Google Reader) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0
CHR Extension: (Gmail) - C:\Users\Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2012-08-22] (www.winchiphead.com)
S3 Spyder2; C:\Windows\System32\DRIVERS\Spyder2.sys [15360 2007-01-17] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-08-30] (Cisco Systems, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-29 11:44 - 2013-11-29 11:44 - 00019341 _____ C:\Users\Server\Desktop\FRST.txt
2013-11-29 11:44 - 2013-11-29 11:44 - 00000000 ____D C:\FRST
2013-11-29 11:43 - 2013-11-29 11:43 - 01959024 _____ (Farbar) C:\Users\Server\Desktop\FRST64.exe
2013-11-28 17:43 - 2013-11-28 17:43 - 10343200 _____ (Binary Fortress Software                                    ) C:\Users\Server\Downloads\DisplayFusionSetup-5.1.1.exe
2013-11-24 13:47 - 2013-11-24 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-19 23:29 - 2013-11-19 23:29 - 00022229 _____ C:\Users\Server\Desktop\dds.txt
2013-11-19 23:29 - 2013-11-19 23:29 - 00014123 _____ C:\Users\Server\Desktop\attach.txt
2013-11-16 08:59 - 2013-11-16 08:59 - 02750736 _____ C:\Users\Server\Desktop\finnegan78.wav
2013-11-16 08:57 - 2013-11-16 08:57 - 00119720 _____ C:\Users\Server\Desktop\Sculpture.m4a
2013-11-14 20:05 - 2013-11-14 20:05 - 00688992 ____R (Swearware) C:\Users\Server\Downloads\dds.com
2013-11-14 19:46 - 2013-11-14 19:55 - 00013250 _____ C:\Users\Server\Desktop\hijackthis.log
2013-11-14 19:40 - 2013-11-14 19:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-11-14 19:39 - 2013-11-14 19:39 - 01402880 _____ C:\Users\Server\Downloads\HijackThis_v2.0.5-Beta.msi
2013-11-13 19:21 - 2013-11-13 19:23 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-13 19:19 - 2013-11-13 19:19 - 00002263 _____ C:\Users\Server\Desktop\JRT.txt
2013-11-13 19:10 - 2013-11-13 19:10 - 00000000 ____D C:\Windows\ERUNT
2013-11-13 19:04 - 2013-11-13 19:08 - 00000000 ____D C:\AdwCleaner
2013-11-13 19:01 - 2013-11-13 19:02 - 10264904 _____ (SurfRight B.V.) C:\Users\Server\Desktop\HitmanPro_x64.exe
2013-11-13 19:00 - 2013-11-13 19:00 - 01034531 _____ (Thisisu) C:\Users\Server\Desktop\JRT.exe
2013-11-13 18:59 - 2013-11-13 18:59 - 01085542 _____ C:\Users\Server\Desktop\adwcleaner.exe
2013-11-13 17:51 - 2013-11-13 17:51 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 13:15 - 2013-10-12 01:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 13:15 - 2013-10-12 01:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 13:15 - 2013-10-12 01:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 13:15 - 2013-10-12 01:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 13:15 - 2013-10-12 01:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 13:15 - 2013-10-12 01:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 13:15 - 2013-10-12 01:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 13:15 - 2013-10-12 01:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 13:15 - 2013-10-12 01:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 13:15 - 2013-10-12 01:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 13:15 - 2013-10-12 01:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 13:15 - 2013-10-12 01:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 13:15 - 2013-10-12 01:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 13:15 - 2013-10-12 01:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 13:15 - 2013-10-12 00:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 13:15 - 2013-10-12 00:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 13:15 - 2013-10-12 00:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 13:15 - 2013-10-11 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 13:15 - 2013-10-11 23:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 13:15 - 2013-10-11 22:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 13:15 - 2013-10-11 22:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 22:24 - 2013-11-12 22:24 - 00002136 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-11-12 13:54 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 13:54 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 13:54 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 13:54 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 13:54 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 13:54 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 13:54 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 13:54 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 13:54 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 13:54 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 13:54 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 13:54 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 13:54 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 13:54 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 13:54 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 13:54 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 13:54 - 2013-09-24 19:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 13:54 - 2013-09-24 19:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 13:54 - 2013-09-24 19:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 13:54 - 2013-09-24 19:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 13:54 - 2013-09-24 19:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 13:54 - 2013-09-24 19:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 13:54 - 2013-09-24 19:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 13:54 - 2013-09-24 19:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 13:54 - 2013-09-24 18:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 13:54 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 13:54 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 13:54 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 13:54 - 2013-09-24 18:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 13:54 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-11 10:51 - 2013-11-11 10:51 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-11 10:51 - 2013-11-11 10:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 10:51 - 2013-11-11 10:51 - 00000000 ____D C:\Program Files\iTunes
2013-11-11 10:51 - 2013-11-11 10:51 - 00000000 ____D C:\Program Files\iPod
2013-11-11 10:51 - 2013-11-11 10:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 08:08 - 2013-11-07 08:08 - 00076767 _____ C:\Users\Jillana\Downloads\ChicoTHMParticipantsFall2006.xlsx
2013-11-06 17:29 - 2013-11-06 17:29 - 02173332 _____ C:\Users\Server\Desktop\horloger_v1_0_final_by_amine5a5-d3eopn7.rar
2013-11-06 17:29 - 2013-11-06 17:29 - 00000000 ____D C:\Users\Server\AppData\Roaming\Amine_Dries
2013-11-06 17:29 - 2013-11-06 17:29 - 00000000 ____D C:\Program Files (x86)\Amine Dries
2013-11-06 17:24 - 2013-11-06 17:24 - 00058478 _____ C:\Users\Server\Downloads\2.0
2013-11-06 15:35 - 2013-11-06 15:35 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-11-03 21:58 - 2013-11-03 21:58 - 00053125 _____ C:\Users\Jillana\Documents\cost per course FA12 thru FA13final.xlsx
2013-11-03 20:06 - 2013-11-03 20:06 - 00019694 _____ C:\Users\Jillana\Downloads\LATutor SP14 Projections.xlsx
2013-11-03 18:07 - 2013-11-03 18:07 - 00091136 _____ C:\Users\Jillana\Downloads\Final SACM Backbill.xls
2013-11-03 17:47 - 2013-11-03 17:47 - 00052996 _____ C:\Users\Jillana\Downloads\cost per course FA12 thru FA13a.xlsx
2013-11-03 00:04 - 2013-11-05 02:14 - 00000000 ____D C:\Users\Server\Desktop\Circuit design
2013-11-02 22:06 - 2013-11-02 22:06 - 00000000 ____D C:\Users\Server\Documents\ExpressPCB
2013-11-02 22:06 - 2013-11-02 22:06 - 00000000 ____D C:\Users\Server\AppData\Roaming\Help
2013-11-02 22:06 - 2013-11-02 22:06 - 00000000 ____D C:\Users\Server\AppData\Local\Help
2013-11-02 22:05 - 2013-11-02 22:05 - 10199905 _____ (ExpressPCB             ) C:\Users\Server\Downloads\ExpressPCBSetup.exe
2013-11-02 22:05 - 2013-11-02 22:05 - 00000000 ____D C:\Users\Server\AppData\Local\Downloaded Installations
2013-11-01 16:05 - 2013-11-01 16:05 - 00000701 _____ C:\Users\Server\Desktop\minecraft_server.1.7.2 - Shortcut.lnk
2013-11-01 13:59 - 2013-11-01 13:59 - 00013383 _____ C:\Users\Jillana\Downloads\Potential Courses for SP14.xlsx
2013-10-30 14:52 - 2013-10-30 14:52 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-10-30 14:51 - 2013-11-13 15:25 - 00000000 ____D C:\Users\Server\AppData\Roaming\HpUpdate
2013-10-30 14:51 - 2013-11-06 15:35 - 00000000 ____D C:\Program Files (x86)\HP
2013-10-30 14:51 - 2013-10-30 14:51 - 00002212 _____ C:\Users\Public\Desktop\HP Deskjet 1010 series.lnk
2013-10-30 14:51 - 2013-10-30 14:51 - 00000000 ____D C:\ProgramData\HP
2013-10-30 14:50 - 2013-10-30 14:50 - 00000057 _____ C:\ProgramData\Ament.ini
2013-10-30 14:50 - 2013-10-30 14:50 - 00000000 ____D C:\Program Files\HP
2013-10-30 14:48 - 2013-10-30 14:54 - 00000000 ____D C:\Users\Server\AppData\Local\HP
 
==================== One Month Modified Files and Folders =======
 
2013-11-29 11:44 - 2013-11-29 11:44 - 00019341 _____ C:\Users\Server\Desktop\FRST.txt
2013-11-29 11:44 - 2013-11-29 11:44 - 00000000 ____D C:\FRST
2013-11-29 11:44 - 2012-08-26 09:07 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1003UA.job
2013-11-29 11:43 - 2013-11-29 11:43 - 01959024 _____ (Farbar) C:\Users\Server\Desktop\FRST64.exe
2013-11-29 11:41 - 2012-08-22 00:07 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1000UA.job
2013-11-29 11:41 - 2012-08-22 00:07 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1000Core.job
2013-11-29 11:24 - 2012-09-18 14:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-29 11:12 - 2012-12-04 21:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-29 10:57 - 2012-08-21 23:05 - 01298835 _____ C:\Windows\WindowsUpdate.log
2013-11-29 10:10 - 2013-07-21 16:44 - 00000000 ____D C:\Users\Server\AppData\Roaming\.minecraft
2013-11-29 09:08 - 2009-07-13 21:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 09:08 - 2009-07-13 21:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 09:07 - 2009-07-13 22:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-29 09:02 - 2012-08-27 19:06 - 00000000 ____D C:\Users\Server\AppData\Roaming\Dropbox
2013-11-29 09:01 - 2012-10-02 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-29 09:01 - 2012-09-18 14:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-29 09:01 - 2012-09-12 13:08 - 00000000 ____D C:\Program Files (x86)\HTC Home
2013-11-29 09:01 - 2012-08-27 19:07 - 00000000 ___RD C:\Users\Server\Dropbox
2013-11-29 09:01 - 2012-08-24 02:50 - 00052104 _____ C:\Windows\PFRO.log
2013-11-29 09:01 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-29 09:01 - 2009-07-13 21:51 - 00068318 _____ C:\Windows\setupact.log
2013-11-28 17:44 - 2012-08-24 12:08 - 00000000 ____D C:\Program Files (x86)\DisplayFusion
2013-11-28 17:43 - 2013-11-28 17:43 - 10343200 _____ (Binary Fortress Software                                    ) C:\Users\Server\Downloads\DisplayFusionSetup-5.1.1.exe
2013-11-28 17:43 - 2012-08-24 12:07 - 00000000 ____D C:\Users\Server\Documents\DisplayFusion Backups
2013-11-28 12:44 - 2012-08-26 09:07 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1003Core.job
2013-11-28 11:36 - 2012-08-22 00:07 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1000UA
2013-11-28 11:36 - 2012-08-22 00:07 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1723685602-1744827042-1274715792-1000Core
2013-11-24 13:47 - 2013-11-24 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-23 21:59 - 2013-04-05 16:36 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-11-22 15:33 - 2012-08-22 00:21 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-19 23:29 - 2013-11-19 23:29 - 00022229 _____ C:\Users\Server\Desktop\dds.txt
2013-11-19 23:29 - 2013-11-19 23:29 - 00014123 _____ C:\Users\Server\Desktop\attach.txt
2013-11-16 08:59 - 2013-11-16 08:59 - 02750736 _____ C:\Users\Server\Desktop\finnegan78.wav
2013-11-16 08:57 - 2013-11-16 08:57 - 00119720 _____ C:\Users\Server\Desktop\Sculpture.m4a
2013-11-14 20:05 - 2013-11-14 20:05 - 00688992 ____R (Swearware) C:\Users\Server\Downloads\dds.com
2013-11-14 19:55 - 2013-11-14 19:46 - 00013250 _____ C:\Users\Server\Desktop\hijackthis.log
2013-11-14 19:40 - 2013-11-14 19:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-11-14 19:39 - 2013-11-14 19:39 - 01402880 _____ C:\Users\Server\Downloads\HijackThis_v2.0.5-Beta.msi
2013-11-13 19:41 - 2012-08-24 09:16 - 00000000 ____D C:\Users\Server\AppData\Local\Adobe
2013-11-13 19:23 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-13 19:19 - 2013-11-13 19:19 - 00002263 _____ C:\Users\Server\Desktop\JRT.txt
2013-11-13 19:10 - 2013-11-13 19:10 - 00000000 ____D C:\Windows\ERUNT
2013-11-13 19:08 - 2013-11-13 19:04 - 00000000 ____D C:\AdwCleaner
2013-11-13 19:02 - 2013-11-13 19:01 - 10264904 _____ (SurfRight B.V.) C:\Users\Server\Desktop\HitmanPro_x64.exe
2013-11-13 19:00 - 2013-11-13 19:00 - 01034531 _____ (Thisisu) C:\Users\Server\Desktop\JRT.exe
2013-11-13 18:59 - 2013-11-13 18:59 - 01085542 _____ C:\Users\Server\Desktop\adwcleaner.exe
2013-11-13 17:51 - 2013-11-13 17:51 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 17:51 - 2013-01-06 15:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 15:25 - 2013-10-30 14:51 - 00000000 ____D C:\Users\Server\AppData\Roaming\HpUpdate
2013-11-13 14:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 13:16 - 2012-08-22 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 13:14 - 2013-08-15 09:56 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 13:12 - 2012-08-28 11:13 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 22:24 - 2013-11-12 22:24 - 00002136 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-11-12 22:24 - 2012-08-22 00:24 - 00004148 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2013-11-11 10:51 - 2013-11-11 10:51 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-11 10:51 - 2013-11-11 10:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 10:51 - 2013-11-11 10:51 - 00000000 ____D C:\Program Files\iTunes
2013-11-11 10:51 - 2013-11-11 10:51 - 00000000 ____D C:\Program Files\iPod
2013-11-11 10:51 - 2013-11-11 10:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-11 05:50 - 2012-08-21 23:42 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-07 08:08 - 2013-11-07 08:08 - 00076767 _____ C:\Users\Jillana\Downloads\ChicoTHMParticipantsFall2006.xlsx
2013-11-07 08:06 - 2012-10-23 20:46 - 00000000 ___RD C:\Users\Jillana\Dropbox
2013-11-07 08:06 - 2012-10-23 20:45 - 00000000 ____D C:\Users\Jillana\AppData\Roaming\Dropbox
2013-11-06 17:29 - 2013-11-06 17:29 - 02173332 _____ C:\Users\Server\Desktop\horloger_v1_0_final_by_amine5a5-d3eopn7.rar
2013-11-06 17:29 - 2013-11-06 17:29 - 00000000 ____D C:\Users\Server\AppData\Roaming\Amine_Dries
2013-11-06 17:29 - 2013-11-06 17:29 - 00000000 ____D C:\Program Files (x86)\Amine Dries
2013-11-06 17:24 - 2013-11-06 17:24 - 00058478 _____ C:\Users\Server\Downloads\2.0
2013-11-06 15:35 - 2013-11-06 15:35 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-11-06 15:35 - 2013-10-30 14:51 - 00000000 ____D C:\Program Files (x86)\HP
2013-11-05 23:07 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-05 02:14 - 2013-11-03 00:04 - 00000000 ____D C:\Users\Server\Desktop\Circuit design
2013-11-03 21:58 - 2013-11-03 21:58 - 00053125 _____ C:\Users\Jillana\Documents\cost per course FA12 thru FA13final.xlsx
2013-11-03 20:06 - 2013-11-03 20:06 - 00019694 _____ C:\Users\Jillana\Downloads\LATutor SP14 Projections.xlsx
2013-11-03 18:07 - 2013-11-03 18:07 - 00091136 _____ C:\Users\Jillana\Downloads\Final SACM Backbill.xls
2013-11-03 17:47 - 2013-11-03 17:47 - 00052996 _____ C:\Users\Jillana\Downloads\cost per course FA12 thru FA13a.xlsx
2013-11-02 22:06 - 2013-11-02 22:06 - 00000000 ____D C:\Users\Server\Documents\ExpressPCB
2013-11-02 22:06 - 2013-11-02 22:06 - 00000000 ____D C:\Users\Server\AppData\Roaming\Help
2013-11-02 22:06 - 2013-11-02 22:06 - 00000000 ____D C:\Users\Server\AppData\Local\Help
2013-11-02 22:05 - 2013-11-02 22:05 - 10199905 _____ (ExpressPCB             ) C:\Users\Server\Downloads\ExpressPCBSetup.exe
2013-11-02 22:05 - 2013-11-02 22:05 - 00000000 ____D C:\Users\Server\AppData\Local\Downloaded Installations
2013-11-01 16:05 - 2013-11-01 16:05 - 00000701 _____ C:\Users\Server\Desktop\minecraft_server.1.7.2 - Shortcut.lnk
2013-11-01 16:05 - 2013-10-10 15:07 - 00000000 ____D C:\Users\Server\Desktop\Minecraft Server
2013-11-01 13:59 - 2013-11-01 13:59 - 00013383 _____ C:\Users\Jillana\Downloads\Potential Courses for SP14.xlsx
2013-10-31 12:31 - 2013-10-29 21:52 - 00000000 ____D C:\Users\Server\Desktop\Minecraft Jack
2013-10-31 12:30 - 2013-10-29 21:46 - 00000000 ____D C:\Users\Server\Desktop\Minecraft oliver
2013-10-30 14:55 - 2012-08-21 23:05 - 00000000 ____D C:\Users\Server\AppData\Local\VirtualStore
2013-10-30 14:54 - 2013-10-30 14:48 - 00000000 ____D C:\Users\Server\AppData\Local\HP
2013-10-30 14:52 - 2013-10-30 14:52 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-10-30 14:51 - 2013-10-30 14:51 - 00002212 _____ C:\Users\Public\Desktop\HP Deskjet 1010 series.lnk
2013-10-30 14:51 - 2013-10-30 14:51 - 00000000 ____D C:\ProgramData\HP
2013-10-30 14:50 - 2013-10-30 14:50 - 00000057 _____ C:\ProgramData\Ament.ini
2013-10-30 14:50 - 2013-10-30 14:50 - 00000000 ____D C:\Program Files\HP
 
Files to move or delete:
====================
C:\Users\Server\~uTorrentPartFile_8E69E0DC.dat
 
 
Some content of TEMP:
====================
C:\Users\Jillana\AppData\Local\Temp\20130803102051234jniverify.dll
C:\Users\Jillana\AppData\Local\Temp\20130803102717556jniverify.dll
C:\Users\Jillana\AppData\Local\Temp\20130925085915898jniverify.dll
C:\Users\Jillana\AppData\Local\Temp\install_reader11_en_mssa_aaa_aih.exe
C:\Users\Jillana\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Jillana\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\AskSLib.dll
C:\Users\Server\AppData\Local\Temp\DSETUP.dll
C:\Users\Server\AppData\Local\Temp\dsetup32.dll
C:\Users\Server\AppData\Local\Temp\DXSETUP.exe
C:\Users\Server\AppData\Local\Temp\InstallMonetizer.exe
C:\Users\Server\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Server\AppData\Local\Temp\ose00000.exe
C:\Users\Server\AppData\Local\Temp\Quarantine.exe
C:\Users\Server\AppData\Local\Temp\_is356A.exe
C:\Users\Server\AppData\Local\Temp\_is485E.exe
C:\Users\Server\AppData\Local\Temp\_is871.exe
C:\Users\Server\AppData\Local\Temp\_isB71E.exe
C:\Users\Server\AppData\Local\Temp\_isC421.exe
C:\Users\Server\AppData\Local\Temp\_isE4AC.exe
C:\Users\Server\AppData\Local\Temp\_isFA6D.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-20 12:53
 
==================== End Of Log ============================

 



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,624 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:22 PM

Posted 29 November 2013 - 02:23 PM

Hi Tom,

Thanks for the information.

There are a number of files that need to be deleted. Please consider and complete the below.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.



===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C
HKU\Jillana\...\Run: [AdobeBridge] - [x]
C:\Users\Server\~uTorrentPartFile_8E69E0DC.dat
C:\Users\Jillana\AppData\Local\Temp\20130803102051234jniverify.dll
C:\Users\Jillana\AppData\Local\Temp\20130803102717556jniverify.dll
C:\Users\Jillana\AppData\Local\Temp\20130925085915898jniverify.dll
C:\Users\Jillana\AppData\Local\Temp\install_reader11_en_mssa_aaa_aih.exe
C:\Users\Jillana\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Jillana\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\AskSLib.dll
C:\Users\Server\AppData\Local\Temp\DSETUP.dll
C:\Users\Server\AppData\Local\Temp\dsetup32.dll
C:\Users\Server\AppData\Local\Temp\DXSETUP.exe
C:\Users\Server\AppData\Local\Temp\InstallMonetizer.exe
C:\Users\Server\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Server\AppData\Local\Temp\ose00000.exe
C:\Users\Server\AppData\Local\Temp\Quarantine.exe
C:\Users\Server\AppData\Local\Temp\_is356A.exe
C:\Users\Server\AppData\Local\Temp\_is485E.exe
C:\Users\Server\AppData\Local\Temp\_is871.exe
C:\Users\Server\AppData\Local\Temp\_isB71E.exe
C:\Users\Server\AppData\Local\Temp\_isC421.exe
C:\Users\Server\AppData\Local\Temp\_isE4AC.exe
C:\Users\Server\AppData\Local\Temp\_isFA6D.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 ffinnegan24

ffinnegan24
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:22 PM

Posted 29 November 2013 - 02:51 PM

Here you go Gary,

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-11-2013
Ran by Server at 2013-11-29 12:49:40 Run:1
Running from C:\Users\Server\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C
HKU\Jillana\...\Run: [AdobeBridge] -
[x]
C:\Users\Server\~uTorrentPartFile_8E69E0DC.dat
C:\Users\Jillana\AppData\Local\Temp\20130803102051234jniverify.dll
C:\Users\Jillana\AppData\Local\Temp\20130803102717556jniverify.dll
C:\Users\Jillana\AppData\Local\Temp\20130925085915898jniverify.dll
C:\Users\Jillana\AppData\Local\Temp\install_reader11_en_mssa_aaa_aih.exe
C:\Users\Jillana\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Jillana\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\AskSLib.dll
C:\Users\Server\AppData\Local\Temp\DSETUP.dll
C:\Users\Server\AppData\Local\Temp\dsetup32.dll
C:\Users\Server\AppData\Local\Temp\DXSETUP.exe
C:\Users\Server\AppData\Local\Temp\InstallMonetizer.exe
C:\Users\Server\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Server\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Server\AppData\Local\Temp\ose00000.exe
C:\Users\Server\AppData\Local\Temp\Quarantine.exe
C:\Users\Server\AppData\Local\Temp\_is356A.exe
C:\Users\Server\AppData\Local\Temp\_is485E.exe
C:\Users\Server\AppData\Local\Temp\_is871.exe
C:\Users\Server\AppData\Local\Temp\_isB71E.exe
C:\Users\Server\AppData\Local\Temp\_isC421.exe
C:\Users\Server\AppData\Local\Temp\_isE4AC.exe
C:\Users\Server\AppData\Local\Temp\_isFA6D.exe
*****************
 
C:\ProgramData\TEMP => ":9E00596C" ADS removed successfully.
HKU\Jillana\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\Jillana\...\Run: [AdobeBridge] - => Value not found.
C:\Users\Server\~uTorrentPartFile_8E69E0DC.dat => Moved successfully.
C:\Users\Jillana\AppData\Local\Temp\20130803102051234jniverify.dll => Moved successfully.
C:\Users\Jillana\AppData\Local\Temp\20130803102717556jniverify.dll => Moved successfully.
C:\Users\Jillana\AppData\Local\Temp\20130925085915898jniverify.dll => Moved successfully.
C:\Users\Jillana\AppData\Local\Temp\install_reader11_en_mssa_aaa_aih.exe => Moved successfully.
C:\Users\Jillana\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jillana\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Server\AppData\Local\Temp\DSETUP.dll => Moved successfully.
C:\Users\Server\AppData\Local\Temp\dsetup32.dll => Moved successfully.
C:\Users\Server\AppData\Local\Temp\DXSETUP.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\InstallMonetizer.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\_is356A.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\_is485E.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\_is871.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\_isB71E.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\_isC421.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\_isE4AC.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\_isFA6D.exe => Moved successfully.
 
==== End of Fixlog ====
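
As an added example (not part of the thread and not FRST's own code), the Python sketch below parses Fixlog result lines like the ones in the post above and tallies what the fix touched: alternate data streams, registry values and files, and which executable file types sat in a Temp folder. The function names and the extension list are assumptions made for this example; the sample lines are an excerpt copied from the log above.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Excerpt of the result lines from the Fixlog posted above, embedded so the
# script runs offline. Header and "Content of fixlist" lines are left out.
SAMPLE_FIXLOG = r'''
C:\ProgramData\TEMP => ":9E00596C" ADS removed successfully.
HKU\Jillana\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\Jillana\...\Run: [AdobeBridge] - => Value not found.
C:\Users\Server\~uTorrentPartFile_8E69E0DC.dat => Moved successfully.
C:\Users\Jillana\AppData\Local\Temp\20130803102051234jniverify.dll => Moved successfully.
C:\Users\Jillana\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Server\AppData\Local\Temp\InstallMonetizer.exe => Moved successfully.
C:\Users\Server\AppData\Local\Temp\_is356A.exe => Moved successfully.
==== End of Fixlog ====
'''

# Assumption for this example: extensions treated as "can carry code".
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com"}


def parse_fixlog(text):
    """Turn 'target => result' lines into dicts; every other line is skipped."""
    entries = []
    for line in text.splitlines():
        if " => " not in line:
            continue  # banner, separator, or fixlist echo
        target, result = (part.strip() for part in line.rsplit(" => ", 1))
        if target.upper().startswith(("HKU\\", "HKLM\\", "HKCU\\")):
            kind = "registry"
        elif "ADS" in result:
            kind = "ads"
        else:
            kind = "file"
        entries.append({
            "target": target,
            "result": result,
            "kind": kind,
            # "Value not found." means the fix had nothing to act on.
            "applied": result.lower().endswith("successfully."),
        })
    return entries


def summarize(entries):
    """Count entries per kind and list code-carrying files that were in Temp."""
    by_kind = Counter(e["kind"] for e in entries)
    temp_executables = []
    for e in entries:
        if e["kind"] != "file":
            continue
        path = PureWindowsPath(e["target"])
        in_temp = "temp" in (part.lower() for part in path.parts[:-1])
        if in_temp and path.suffix.lower() in PE_EXTENSIONS:
            temp_executables.append(path.name)
    not_applied = [e["target"] for e in entries if not e["applied"]]
    return {
        "by_kind": dict(by_kind),
        "temp_executables": temp_executables,
        "not_applied": not_applied,
    }


if __name__ == "__main__":
    report = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print("Entries by kind:", report["by_kind"])
    print("Executable types in Temp:")
    for name in report["temp_executables"]:
        print("  ", name)
    print("Fix lines with nothing to act on:", len(report["not_applied"]))
```

A file name and location are only a starting point for triage: the list it prints is what to hash or signature-check, not a verdict on any file.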


#11 Oh My!

Posted 29 November 2013 - 02:54 PM

Are you having any issues?
Gary
 

#12 ffinnegan24

Posted 29 November 2013 - 03:04 PM

I can't say that I am. The only issue I was having was a hotmail account that was getting hacked. We added two step authentication and that seemed to take care of the hacking problem. I am just not sure how it happened in the first place and want to rule out this computer. What did that fix log take care of? Was there anything malicious or were they just loose ends?

Thanks,

Tom



#13 Oh My!

Posted 29 November 2013 - 03:11 PM

There were some suspicious files but I am not able to identify exactly what they were intended to do (Trojan/Virus, etc.?)  Some of them were .exe files which launch things on your computer.  They may very well be legitimate files associated with the installation of a program but I can't really say.  It is possible your computer was infected but there is nothing in your log that provides conclusive evidence of that.


Gary
 

#14 ffinnegan24

Posted 29 November 2013 - 03:53 PM

Thank you for helping, Gary.  

If you have anything else for me to do let me know.  Otherwise, I'll assume we are done.

Thanks,

Tom



#15 Oh My!

Posted 29 November 2013 - 04:04 PM

Hi Tom,

I typically like to finish up with a couple of scans to look for any leftover entries. Please do this.

===================================================

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware Free and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • MBAM results
  • ESET results
  • How is your computer running now? Any issues?

Gary
 