
Browser not connecting to internet, computer connected, I have or had a trojan


  • This topic is locked
46 replies to this topic

#1 GreatStoneDragon


Posted 05 December 2013 - 03:17 AM

MOD EDIT - Referred from Networking. Initial topic - http://www.bleepingcomputer.com/forums/t/516429/browser-not-connecting-to-internet-computer-connect/

Hi,
I was using my desktop the other day and I noticed so many ads all over the place, and random links on a lot of words that when accidentally clicked take me to random websites. So I assumed it was a virus and turned on my Microsoft Security Essentials. Sure enough it detected a Trojan, and I removed it. I go back online and the problem still persisted. So I downloaded Malwarebytes and it did its job removing some fifty threats. I read an article a few days earlier about a virus named Zeus, and that it does what was happening to my computer. I ran Malwarebytes again and removed some more threats, and then tried installing Kaspersky antivirus and it said to remove Microsoft Security Essentials and I did. Here starts my network problem. While doing all this stuff I restarted my computer several times and when I last opened it, it said it was connected to the internet but when I open the browser it gave an error on both Chrome and Explorer.... I tried a bunch of simple online solutions and nothing worked, forcing me to come to the experts.

I made the logs.
Here is the attached file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 3/23/2013 9:33:29 AM
System Uptime: 12/4/2013 10:42:07 PM (1 hours ago)
.
Motherboard: MSI | | Z77A-G41 (MS-7758)
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz | SOCKET 0 | 2890/100mhz
.
==== Disk Partitions =========================
.
B: is FIXED (NTFS) - 466 GiB total, 434.734 GiB free.
C: is FIXED (NTFS) - 112 GiB total, 2.273 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_77581462&REV_04\3&11583659&0&A0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_77581462&REV_04\3&11583659&0&A0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.22 (x64 edition)
Adobe Creative Cloud
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.5
Arduino
Ask Toolbar
AutoCAD 2011 - English
AutoCAD 2011 Language Pack - English
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Battlefield 3
Battlefield 4 Beta
Battlelog Web Plugins
CoffeeCup HTML Editor
Commandos 2: Men of Courage
Crysis®3
D-Link DWA-130 Wireless N USB Adapter
ESN Sonar
FARO LS 1.1.406.58
FileZilla Client 3.4.0
Freemake Video Converter version 4.0.0
GameStop App
GeForce Experience NvStream Client Components
GIMP 2.8.6
GlassFish Server Open Source Edition 3.1.2.2
Google Talk Plugin
Google Update Helper
Google Web Designer
Hawken
Java 7 Update 21 (64-bit)
Java 7 Update 45
Java Auto Updater
Java SE Development Kit 7 Update 21 (64-bit)
Java™ 6 Update 27
Java™ 6 Update 27 (64-bit)
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Mouse and Keyboard Center
Microsoft Office 2003 Web Components
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Xbox 360 Accessories 1.2
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MSI Afterburner 2.3.1
MSI Kombustor 2.5.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Most Wanted
NetBeans IDE 7.3
NVIDIA 3D Vision Controller Driver 331.82
NVIDIA 3D Vision Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.8
NVIDIA Graphics Driver 331.82
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 10.10.5
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.10.5
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.12
Origin
PDF Settings CS6
PunkBuster Services
Razer Synapse 2.0
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
ScorpionSaver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SHIELD Streaming
SolidWorks 2012 x64 Edition SP0
SolidWorks eDrawings 2012 x64 Edition SP0
SolidWorks Explorer 2012 SP0 x64 Edition
Steam
TechPowerUp GPU-Z
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VirtualCloneDrive
.
==== Event Viewer Messages From Past Week ========
.
12/4/2013 9:31:09 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

And here is the DDS text:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Abdullah Al-Shehabi at 23:53:45 on 2013-12-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8137.6387 [GMT -8:00]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
B:\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
B:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
B:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Xpadder] "C:\Users\Abdullah Al-Shehabi\Downloads\Xpadder v5.7 (2010.11.17)\Xpadder.exe" /m
uRun: [AdobeBridge]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
LSP: C:\Windows\System32\AdpeakProxy.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{7EED63A9-0610-4DE6-AFC4-0AC96B4D768D} : NameServer = 4.2.2.4,192.168.0.2
TCP: Interfaces\{7EED63A9-0610-4DE6-AFC4-0AC96B4D768D} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{7EED63A9-0610-4DE6-AFC4-0AC96B4D768D}\84453402F4E656 : NameServer = 192.168.0.1,192.168.0.2
TCP: Interfaces\{7EED63A9-0610-4DE6-AFC4-0AC96B4D768D}\84453402F4E656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F354227F-245C-4D46-B3C4-85C68AAC96DE} : DHCPNameServer = 10.0.0.1
SSODL: WebCheck -
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-SSODL: WebCheck -
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-10-14 166352]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 218880]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-4-21 101888]
R2 MBAMScheduler;MBAMScheduler;B:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-2 418376]
R2 MBAMService;MBAMService;B:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-2 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-2 15128352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [2013-3-24 167936]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-18 46568]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29016]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-2 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-2 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-22 676968]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2013-3-23 664576]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2013-5-16 126464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1370912]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;B:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-9-27 89160]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-4-27 1431888]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-3 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-25 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-12-05 05:16:35 64856 ----a-w- C:\Windows\System32\klfphc.dll
2013-12-05 05:16:27 -------- d-----w- C:\Windows\ELAMBKUP
2013-12-05 05:16:26 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-12-05 05:16:25 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-12-05 05:16:23 89432 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-12-03 05:55:40 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Roaming\Malwarebytes
2013-12-03 05:55:37 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-03 05:55:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-03 05:17:43 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Local\NVIDIA Corporation
2013-12-03 05:17:19 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-03 05:17:19 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-11-28 00:37:33 -------- d-----w- C:\Users\Abdullah Al-Shehabi\.android
2013-11-20 05:58:51 979744 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-11-20 05:58:51 1096480 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-11-18 06:03:42 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-11-18 06:03:40 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-11-18 01:19:17 439296 ----a-w- C:\Windows\System32\AdpeakProxy64.dll
2013-11-17 17:55:06 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Roaming\CircuitWorks
2013-11-17 04:20:57 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Local\TempSWBackupDirectory
2013-11-17 04:20:10 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Local\SolidWorks
2013-11-17 04:11:53 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Roaming\help_images_otherUI
2013-11-17 04:11:25 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Roaming\DassaultSystemes
2013-11-17 04:11:25 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Local\DassaultSystemes
2013-11-17 04:11:25 -------- d-----w- C:\ProgramData\DassaultSystemes
2013-11-17 04:06:47 -------- d-----w- C:\ProgramData\SolidWorks
2013-11-17 04:06:47 -------- d-----w- C:\Program Files\Common Files\SolidWorks Shared
2013-11-17 04:06:25 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8
2013-11-17 04:06:17 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Local\Microsoft Help
2013-11-17 04:06:03 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-11-17 04:05:54 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Roaming\Google Talk
2013-11-17 04:05:20 -------- d-----w- C:\Program Files (x86)\Common Files\SolidWorks Shared
2013-11-17 04:05:19 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-11-17 04:03:46 -------- d-----w- C:\Program Files (x86)\Common Files\SolidWorks Installation Manager
2013-11-16 22:56:51 -------- d-----w- C:\Windows\SolidWorks
2013-11-16 22:56:50 -------- d-----w- C:\Users\Abdullah Al-Shehabi\AppData\Roaming\SolidWorks
2013-11-16 22:55:13 -------- d-----w- C:\temp
2013-11-16 22:55:07 -------- d-----w- C:\Program Files\Level Quality Watcher
2013-11-16 22:54:43 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-11-16 22:37:19 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2013-11-14 04:47:53 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-14 04:47:53 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-14 04:47:50 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-14 04:47:50 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-14 04:47:50 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-14 04:47:50 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 04:47:50 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-11 16:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2013-11-20 23:37:28 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-11-20 23:37:28 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-11-20 23:37:18 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-11 15:02:02 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-30 17:02:58 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-10-09 00:39:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 00:39:03 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 00:38:56 17813896 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-08 14:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-09-30 00:16:11 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 08:57:55 1884448 ----a-w- C:\Windows\System32\nvdispco6433140.dll
2013-09-27 08:57:55 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433140.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-18 05:22:42 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-09-18 05:22:42 196384 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-09-18 05:22:42 1510176 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
.
============= FINISH: 23:54:16.60 ===============

Edited by Blade, 05 December 2013 - 03:50 AM.




#2 HelpBot


Posted 10 December 2013 - 03:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/516431 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 GreatStoneDragon


Posted 10 December 2013 - 02:29 PM

Hi,

I still need help to repair my computer. I haven't used it for a few days and when I turned it on today to get new logs the computer kept on restarting several times randomly. I had the computer start with repair and it did, and then I was able to retrieve the logs. However the computer shut down randomly again.....

I realized that I had the adware Scorpion Saver that has caused my problems. Probably from Cnet free software.....

I don't know what type of damage happened to my computer from improperly trying to remove the viruses, but the computer is acting very weirdly. It's not connecting to the internet and now restarting and shutting down then restarting 10 minutes later....I'm not sure if this is supposed to be even possible.

I do have my original Windows disk....

I attached the logs as PDFs

Attached File  Dds (2).pdf   156.59KB   2 downloads


Edited by GreatStoneDragon, 10 December 2013 - 02:42 PM.


#4 Oh My!


Posted 11 December 2013 - 08:51 PM

Greetings GreatStoneDragon and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do these things for me. You will need to download the programs onto a USB device from a clean computer and transfer them to the desktop of your infected computer.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<
List Minidump Files

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • FSS log
  • Result log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 GreatStoneDragon


Posted 13 December 2013 - 03:08 PM

Hello Oh My,

Sorry I took a while to reply. I am following your instructions right now. I had to use RKill.exe because my computer would restart if I ran Combofix alone....

I am now in safe mode and everything seems fine while running Combofix, but it is at a blue window that says administrator on top and is blank, just blue.....it looks like the command prompt window

So I was wondering if that's fine, I saw videos on YouTube of Combofix running and it seems to have writing going on in the window. I am wondering what is happening. I will reply to the post once everything is complete.



#6 Oh My!


Posted 13 December 2013 - 03:33 PM

It can appear as if Combofix is frozen and sometimes it does. Give it a bit of time and if you see no progress force a reboot and let me know.
Gary
 

#7 GreatStoneDragon


Posted 13 December 2013 - 03:37 PM

How much time should I give it, an hour?



#8 Oh My!


Posted 13 December 2013 - 04:01 PM

Go ahead and shut it down if there has been no movement. Try to run this instead, then the other steps I posted.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7/8 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply

Gary
 

#9 GreatStoneDragon


Posted 13 December 2013 - 05:58 PM

Hi, 
 
Roguekiller worked, and here are my files....
 
Attached File  FSS.txt   4.8KB   1 downloads
 
Attached File  RKreport0_D_12132013_144849.txt   2.46KB   1 downloads
 
Attached File  Result.txt   13.28KB   1 downloads

RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Abdullah Al-Shehabi [Admin rights]
Mode : Remove -- Date : 12/13/2013 14:48:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AZLX-00K4KA0 ATA Device +++++
--- User ---
[MBR] 62b1a0654aeddb6ce7071d13bafca9b6
[BSP] f6afabccca3d2b839e093042e15168b2 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Samsung SSD 840 Series ATA Device +++++
--- User ---
[MBR] 418b71c2a841d91f696af0d9b0693dce
[BSP] 33db04f77c6e438a08306b6c2dc4fb2d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) SMI USB DISK USB Device +++++
--- User ---
[MBR] 60881d7dfca2b02fbdfc2a07c9895fe5
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 24 | Size: 7594 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_12132013_144849.txt >>
RKreport[0]_S_12132013_144651.txt





Farbar Service Scanner Version: 05-12-2013
Ran by Abdullah Al-Shehabi (administrator) on 13-12-2013 at 14:50:27
Running from "C:\Users\Abdullah Al-Shehabi\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 13-07-2013
Ran by Abdullah Al-Shehabi (administrator) on 13-12-2013 at 14:51:32
Running from "C:\Users\Abdullah Al-Shehabi\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DaCommander
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Unable to contact IP driver. General failure.
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\AdpeakProxy.dll [File not found] ()
Catalog9 02 C:\Windows\system32\AdpeakProxy.dll [File not found] ()
Catalog9 03 C:\Windows\system32\AdpeakProxy.dll [File not found] ()
Catalog9 04 C:\Windows\system32\AdpeakProxy.dll [File not found] ()
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\AdpeakProxy.dll [File not found] ()
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 02 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 03 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 04 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/13/2013 11:35:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2013 11:22:35 AM) (Source: NVNetworkService) (User: )
Description: NVNetworkServiceTime out when waiting for RPC server started event.

Error: (12/13/2013 11:22:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.10.5.1, time stamp: 0x5298c5b1
Faulting module name: NvBackend.exe, version: 10.10.5.1, time stamp: 0x5298c5b1
Exception code: 0xc0000005
Fault offset: 0x0005f8d2
Faulting process id: 0xb94
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (12/13/2013 11:22:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2013 11:22:05 AM) (Source: NVNetworkService) (User: )
Description: NVNetworkServiceThe requested service provider could not be loaded or initialized

Error: (12/13/2013 11:19:32 AM) (Source: NVNetworkService) (User: )
Description: NVNetworkServiceTime out when waiting for RPC server started event.

Error: (12/13/2013 11:19:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.10.5.1, time stamp: 0x5298c5b1
Faulting module name: NvBackend.exe, version: 10.10.5.1, time stamp: 0x5298c5b1
Exception code: 0xc0000005
Fault offset: 0x0005f8d2
Faulting process id: 0xbd0
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (12/13/2013 11:19:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2013 11:19:02 AM) (Source: NVNetworkService) (User: )
Description: NVNetworkServiceThe requested service provider could not be loaded or initialized

Error: (12/13/2013 11:17:41 AM) (Source: NVNetworkService) (User: )
Description: NVNetworkServiceTime out when waiting for RPC server started event.


System errors:
=============
Error: (12/13/2013 02:50:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2013 02:46:38 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2013 02:46:38 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2013 02:46:38 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2013 02:45:21 PM) (Source: DCOM) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (12/13/2013 02:42:07 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2013 02:41:53 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2013 11:33:21 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2013 11:33:21 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2013 11:33:21 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (12/13/2013 11:35:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2013 11:22:35 AM) (Source: NVNetworkService)(User: )
Description: NVNetworkServiceTime out when waiting for RPC server started event.

Error: (12/13/2013 11:22:22 AM) (Source: Application Error)(User: )
Description: NvBackend.exe10.10.5.15298c5b1NvBackend.exe10.10.5.15298c5b1c00000050005f8d2b9401cef8389c6d49efC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exee3421c1c-642b-11e3-a6ad-d43d7e4f6737

Error: (12/13/2013 11:22:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2013 11:22:05 AM) (Source: NVNetworkService)(User: )
Description: NVNetworkServiceThe requested service provider could not be loaded or initialized

Error: (12/13/2013 11:19:32 AM) (Source: NVNetworkService)(User: )
Description: NVNetworkServiceTime out when waiting for RPC server started event.

Error: (12/13/2013 11:19:19 AM) (Source: Application Error)(User: )
Description: NvBackend.exe10.10.5.15298c5b1NvBackend.exe10.10.5.15298c5b1c00000050005f8d2bd001cef8382f7b07b3C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe76377afa-642b-11e3-83c4-d43d7e4f6737

Error: (12/13/2013 11:19:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2013 11:19:02 AM) (Source: NVNetworkService)(User: )
Description: NVNetworkServiceThe requested service provider could not be loaded or initialized

Error: (12/13/2013 11:17:41 AM) (Source: NVNetworkService)(User: )
Description: NVNetworkServiceTime out when waiting for RPC server started event.


========================= Devices: ================================

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: D-Link DWA-130 Wireless N USB Adapter
Description: D-Link DWA-130 Wireless N USB Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: D-Link Corporation
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Edited by Oh My, 13 December 2013 - 08:32 PM.
Logs posted


#10 Oh My!

  • Malware Response Instructor

Posted 13 December 2013 - 08:42 PM

Thanks for the information. Please run this program. If you could copy and paste the logs rather than attach them it will make reviewing them a lot simpler. Like the other programs you ran it will be necessary to download them on another computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Farbar logs (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 GreatStoneDragon

  • Topic Starter

Posted 13 December 2013 - 08:50 PM

Here are the two documents:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by Abdullah Al-Shehabi (administrator) on DACOMMANDER on 13-12-2013 17:46:31
Running from C:\Users\Abdullah Al-Shehabi\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKCU\...\Run: [Xpadder] - "C:\Users\Abdullah Al-Shehabi\Downloads\Xpadder v5.7 (2010.11.17)\Xpadder.exe" /m
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Google Update] - C:\Users\Abdullah Al-Shehabi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-06] (Google Inc.)
MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606056 2013-07-23] (Razer Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-14] (APN)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * OODBS
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope {ADB527D0-FC61-4F7C-9856-818B025E0F8C} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Winsock: Catalog9 01 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{7EED63A9-0610-4DE6-AFC4-0AC96B4D768D}: [NameServer]4.2.2.4,192.168.0.2
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Abdullah Al-Shehabi\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Abdullah Al-Shehabi\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-14] (APN LLC.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
S3 CoordinatorServiceHost; B:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [89160 2011-09-27] (Dassault Systèmes SolidWorks Corp.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-04-15] (Freemake)
S2 MBAMScheduler; B:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; B:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-29] ()
S2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] ()
 
==================== Drivers (Whitelisted) ====================
 
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-08-13] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29016 2012-07-25] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-06-08] (Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-08-13] (Kaspersky Lab)
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-13 17:46 - 2013-12-13 17:46 - 00010380 _____ C:\Users\Abdullah Al-Shehabi\Desktop\FRST.txt
2013-12-13 17:46 - 2013-12-13 17:46 - 00000000 ____D C:\FRST
2013-12-13 17:46 - 2013-12-13 17:40 - 01927462 _____ (Farbar) C:\Users\Abdullah Al-Shehabi\Desktop\FRST64.exe
2013-12-13 14:51 - 2013-12-13 14:51 - 00013603 _____ C:\Users\Abdullah Al-Shehabi\Desktop\Result.txt
2013-12-13 14:50 - 2013-12-13 14:50 - 00004913 _____ C:\Users\Abdullah Al-Shehabi\Desktop\FSS.txt
2013-12-13 14:48 - 2013-12-13 14:48 - 00002523 _____ C:\Users\Abdullah Al-Shehabi\Desktop\RKreport[0]_D_12132013_144849.txt
2013-12-13 14:46 - 2013-12-13 14:59 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Desktop\RK_Quarantine
2013-12-13 14:46 - 2013-12-13 14:46 - 00002458 _____ C:\Users\Abdullah Al-Shehabi\Desktop\RKreport[0]_S_12132013_144651.txt
2013-12-13 14:45 - 2013-12-13 14:39 - 03580416 _____ C:\Users\Abdullah Al-Shehabi\Desktop\RogueKiller.exe
2013-12-13 11:34 - 2013-12-13 11:34 - 00000000 ___SD C:\freshcopy
2013-12-13 11:34 - 2013-12-13 11:34 - 00000000 ___SD C:\32788R22FWJFW
2013-12-13 11:34 - 2013-12-13 11:34 - 00000000 ____D C:\Windows\erdnt
2013-12-13 11:34 - 2013-12-13 11:34 - 00000000 ____D C:\Qoobox
2013-12-13 11:33 - 2013-12-13 11:33 - 00004954 _____ C:\Users\Abdullah Al-Shehabi\Desktop\Rkill.txt
2013-12-13 11:33 - 2013-12-13 11:33 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Desktop\rkill
2013-12-13 11:32 - 2013-12-13 11:23 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Abdullah Al-Shehabi\Desktop\iExplore.exe
2013-12-13 11:22 - 2013-12-13 11:06 - 05154339 ____R (Swearware) C:\Users\Abdullah Al-Shehabi\Desktop\freshcopy.exe
2013-12-13 11:20 - 2013-12-13 11:20 - 00000000 ____D C:\Windows\pss
2013-12-13 11:06 - 2013-12-13 10:55 - 00760937 _____ (Farbar) C:\Users\Abdullah Al-Shehabi\Desktop\MiniToolBox.exe
2013-12-13 11:06 - 2013-12-13 10:54 - 00708597 _____ (Farbar) C:\Users\Abdullah Al-Shehabi\Desktop\FSS.exe
2013-12-10 10:48 - 2013-12-10 10:50 - 00012707 _____ C:\Users\Abdullah Al-Shehabi\Desktop\attach.txt
2013-12-10 10:48 - 2013-12-10 10:49 - 00021443 _____ C:\Users\Abdullah Al-Shehabi\Desktop\dds.txt
2013-12-10 10:32 - 2013-12-13 11:03 - 00003572 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0 Fallback-DaCommander-Abdullah Al-Shehabi
2013-12-04 23:55 - 2013-12-04 23:55 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Desktop\Log Files
2013-12-04 23:52 - 2013-12-04 23:51 - 00688992 ____R (Swearware) C:\Users\Abdullah Al-Shehabi\Desktop\dds.com
2013-12-04 21:18 - 2013-12-04 21:18 - 00002340 _____ C:\Users\Abdullah Al-Shehabi\Desktop\Safe Money.lnk
2013-12-04 21:16 - 2013-12-13 11:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-04 21:16 - 2013-12-04 21:16 - 00001146 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-12-04 21:16 - 2013-12-04 21:16 - 00000000 ____D C:\Windows\ELAMBKUP
2013-12-04 21:16 - 2013-12-04 21:16 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-04 21:16 - 2012-08-13 18:24 - 00611160 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-12-04 21:16 - 2012-08-13 18:24 - 00089432 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2013-12-04 21:16 - 2012-07-11 17:09 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2013-12-03 12:23 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 12:21 - 2013-12-03 12:23 - 00007785 _____ C:\Windows\IE11_main.log
2013-12-03 12:21 - 2013-12-03 12:21 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 12:21 - 2013-12-03 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 12:21 - 2013-12-03 12:21 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 12:21 - 2013-12-03 12:21 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 12:21 - 2013-12-03 12:21 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 12:21 - 2013-12-03 12:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 12:21 - 2013-12-03 12:21 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 12:21 - 2013-12-03 12:21 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 12:21 - 2013-12-03 12:21 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 12:21 - 2013-12-03 12:21 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 12:21 - 2013-12-03 12:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-02 21:55 - 2013-12-02 21:55 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\Malwarebytes
2013-12-02 21:55 - 2013-12-02 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-02 21:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-02 21:17 - 2013-12-02 21:17 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\NVIDIA Corporation
2013-12-02 21:17 - 2013-10-30 09:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-02 21:17 - 2013-10-30 09:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-01 22:21 - 2013-12-01 22:21 - 00000000 ____D C:\Users\CURRENT_USER\AppData\Roaming\SolidWorks
2013-11-27 16:37 - 2013-11-27 17:01 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\.android
2013-11-19 22:00 - 2013-11-14 03:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-19 22:00 - 2013-11-14 03:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-11-19 22:00 - 2013-11-14 03:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-19 21:58 - 2013-11-29 08:56 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-19 21:58 - 2013-11-29 08:56 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-17 22:03 - 2013-11-17 22:03 - 00289598 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-11-17 22:03 - 2013-11-17 22:03 - 00284210 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-11-17 22:03 - 2013-11-17 22:03 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-11-17 22:03 - 2013-11-17 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-11-17 17:19 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-17 09:55 - 2013-11-17 09:55 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\CircuitWorks
2013-11-16 20:20 - 2013-12-05 23:59 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\TempSWBackupDirectory
2013-11-16 20:20 - 2013-11-16 20:20 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\SolidWorks
2013-11-16 20:12 - 2013-11-16 20:12 - 00002963 _____ C:\Users\Public\Desktop\SolidWorks Explorer 2012.lnk
2013-11-16 20:12 - 2013-11-16 20:12 - 00001703 _____ C:\Users\Public\Desktop\SolidWorks eDrawings 2012.lnk
2013-11-16 20:11 - 2013-12-05 22:18 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\DassaultSystemes
2013-11-16 20:11 - 2013-12-05 22:18 - 00000000 ____D C:\ProgramData\DassaultSystemes
2013-11-16 20:11 - 2013-11-16 20:11 - 00001703 _____ C:\Users\Public\Desktop\SolidWorks eDrawings 2012 x64 Edition.lnk
2013-11-16 20:11 - 2013-11-16 20:11 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Documents\SolidWorks Visual Studio Tools for Applications
2013-11-16 20:11 - 2013-11-16 20:11 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\help_images_otherUI
2013-11-16 20:11 - 2013-11-16 20:11 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\DassaultSystemes
2013-11-16 20:11 - 2013-11-16 20:11 - 00000000 _____ C:\Windows\eDrawingOfficeAutomator.INI
2013-11-16 20:09 - 2013-11-16 20:09 - 00002695 _____ C:\Users\Public\Desktop\SolidWorks 2012 x64 Edition.lnk
2013-11-16 20:06 - 2013-11-16 20:12 - 00000000 ____D C:\Program Files\Common Files\SolidWorks Shared
2013-11-16 20:06 - 2013-11-16 20:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Documents\Visual Studio 2005
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\Microsoft Help
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\ProgramData\SolidWorks
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-11-16 20:05 - 2013-12-02 22:09 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\Google Talk
2013-11-16 14:56 - 2013-12-07 22:22 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\SolidWorks
2013-11-16 14:56 - 2013-11-16 20:05 - 00000000 ____D C:\Windows\SolidWorks
2013-11-16 14:55 - 2013-12-04 21:08 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-16 14:54 - 2013-11-16 18:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-16 14:39 - 2013-11-16 14:54 - 00001250 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-11-16 13:07 - 2012-01-25 00:22 - 1774213120 _____ C:\Users\Abdullah Al-Shehabi\Desktop\SW2012_SP0.0_Win64_Full_Multilanguage_SSQ.iso
2013-11-13 20:48 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:48 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:48 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:48 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:48 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:48 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:48 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:48 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:48 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:48 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:48 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:48 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:48 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:48 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:48 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:48 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:48 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:48 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:48 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:48 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:48 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:48 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:48 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 20:47 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:47 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:47 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:47 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:47 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:47 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:47 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
 
==================== One Month Modified Files and Folders =======
 
2013-12-13 17:46 - 2013-12-13 17:46 - 00010380 _____ C:\Users\Abdullah Al-Shehabi\Desktop\FRST.txt
2013-12-13 17:46 - 2013-12-13 17:46 - 00000000 ____D C:\FRST
2013-12-13 17:40 - 2013-12-13 17:46 - 01927462 _____ (Farbar) C:\Users\Abdullah Al-Shehabi\Desktop\FRST64.exe
2013-12-13 14:59 - 2013-12-13 14:46 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Desktop\RK_Quarantine
2013-12-13 14:51 - 2013-12-13 14:51 - 00013603 _____ C:\Users\Abdullah Al-Shehabi\Desktop\Result.txt
2013-12-13 14:50 - 2013-12-13 14:50 - 00004913 _____ C:\Users\Abdullah Al-Shehabi\Desktop\FSS.txt
2013-12-13 14:48 - 2013-12-13 14:48 - 00002523 _____ C:\Users\Abdullah Al-Shehabi\Desktop\RKreport[0]_D_12132013_144849.txt
2013-12-13 14:46 - 2013-12-13 14:46 - 00002458 _____ C:\Users\Abdullah Al-Shehabi\Desktop\RKreport[0]_S_12132013_144651.txt
2013-12-13 14:39 - 2013-12-13 14:45 - 03580416 _____ C:\Users\Abdullah Al-Shehabi\Desktop\RogueKiller.exe
2013-12-13 11:34 - 2013-12-13 11:34 - 00000000 ___SD C:\freshcopy
2013-12-13 11:34 - 2013-12-13 11:34 - 00000000 ___SD C:\32788R22FWJFW
2013-12-13 11:34 - 2013-12-13 11:34 - 00000000 ____D C:\Windows\erdnt
2013-12-13 11:34 - 2013-12-13 11:34 - 00000000 ____D C:\Qoobox
2013-12-13 11:33 - 2013-12-13 11:33 - 00004954 _____ C:\Users\Abdullah Al-Shehabi\Desktop\Rkill.txt
2013-12-13 11:33 - 2013-12-13 11:33 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Desktop\rkill
2013-12-13 11:32 - 2013-03-24 18:54 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\Adobe
2013-12-13 11:32 - 2013-03-22 18:51 - 01331091 _____ C:\Windows\WindowsUpdate.log
2013-12-13 11:32 - 2009-07-13 21:13 - 00779178 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-13 11:29 - 2009-07-13 20:45 - 00024096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-13 11:29 - 2009-07-13 20:45 - 00024096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-13 11:23 - 2013-12-13 11:32 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Abdullah Al-Shehabi\Desktop\iExplore.exe
2013-12-13 11:22 - 2013-12-04 21:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-13 11:22 - 2013-10-02 15:15 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-13 11:22 - 2013-03-23 08:25 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-13 11:22 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-13 11:22 - 2009-07-13 20:51 - 00051103 _____ C:\Windows\setupact.log
2013-12-13 11:20 - 2013-12-13 11:20 - 00000000 ____D C:\Windows\pss
2013-12-13 11:06 - 2013-12-13 11:22 - 05154339 ____R (Swearware) C:\Users\Abdullah Al-Shehabi\Desktop\freshcopy.exe
2013-12-13 11:03 - 2013-12-10 10:32 - 00003572 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0 Fallback-DaCommander-Abdullah Al-Shehabi
2013-12-13 10:55 - 2013-12-13 11:06 - 00760937 _____ (Farbar) C:\Users\Abdullah Al-Shehabi\Desktop\MiniToolBox.exe
2013-12-13 10:54 - 2013-12-13 11:06 - 00708597 _____ (Farbar) C:\Users\Abdullah Al-Shehabi\Desktop\FSS.exe
2013-12-10 10:52 - 2013-03-23 08:25 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 10:50 - 2013-12-10 10:48 - 00012707 _____ C:\Users\Abdullah Al-Shehabi\Desktop\attach.txt
2013-12-10 10:49 - 2013-12-10 10:48 - 00021443 _____ C:\Users\Abdullah Al-Shehabi\Desktop\dds.txt
2013-12-10 10:37 - 2013-04-01 09:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-07 23:15 - 2013-09-06 13:59 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673676977-1602946733-2205158230-1000UA.job
2013-12-07 23:15 - 2013-09-06 13:59 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673676977-1602946733-2205158230-1000Core.job
2013-12-07 22:22 - 2013-11-16 14:56 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\SolidWorks
2013-12-05 23:59 - 2013-11-16 20:20 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\TempSWBackupDirectory
2013-12-05 22:18 - 2013-11-16 20:11 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\DassaultSystemes
2013-12-05 22:18 - 2013-11-16 20:11 - 00000000 ____D C:\ProgramData\DassaultSystemes
2013-12-04 23:55 - 2013-12-04 23:55 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Desktop\Log Files
2013-12-04 23:51 - 2013-12-04 23:52 - 00688992 ____R (Swearware) C:\Users\Abdullah Al-Shehabi\Desktop\dds.com
2013-12-04 23:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-04 22:41 - 2013-03-23 08:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-04 21:18 - 2013-12-04 21:18 - 00002340 _____ C:\Users\Abdullah Al-Shehabi\Desktop\Safe Money.lnk
2013-12-04 21:16 - 2013-12-04 21:16 - 00001146 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-12-04 21:16 - 2013-12-04 21:16 - 00000000 ____D C:\Windows\ELAMBKUP
2013-12-04 21:16 - 2013-12-04 21:16 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-04 21:14 - 2013-03-22 19:28 - 00001945 _____ C:\Windows\epplauncher.mif
2013-12-04 21:14 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-12-04 21:08 - 2013-11-16 14:55 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-12-04 21:08 - 2010-11-20 19:47 - 00081618 _____ C:\Windows\PFRO.log
2013-12-04 20:16 - 2013-03-23 08:48 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-04 16:22 - 2013-03-23 09:08 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-03 23:10 - 2013-09-06 13:59 - 00003966 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-673676977-1602946733-2205158230-1000UA
2013-12-03 23:10 - 2013-09-06 13:59 - 00003570 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-673676977-1602946733-2205158230-1000Core
2013-12-03 22:43 - 2013-03-22 19:05 - 00001413 _____ C:\Users\Abdullah Al-Shehabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 22:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 12:23 - 2013-12-03 12:21 - 00007785 _____ C:\Windows\IE11_main.log
2013-12-03 12:21 - 2013-12-03 12:21 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 12:21 - 2013-12-03 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 12:21 - 2013-12-03 12:21 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 12:21 - 2013-12-03 12:21 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 12:21 - 2013-12-03 12:21 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 12:21 - 2013-12-03 12:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 12:21 - 2013-12-03 12:21 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 12:21 - 2013-12-03 12:21 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 12:21 - 2013-12-03 12:21 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 12:21 - 2013-12-03 12:21 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 12:21 - 2013-12-03 12:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 12:21 - 2013-12-03 12:21 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-02 22:09 - 2013-11-16 20:05 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\Google Talk
2013-12-02 21:55 - 2013-12-02 21:55 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\Malwarebytes
2013-12-02 21:55 - 2013-12-02 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-02 21:18 - 2013-03-30 12:49 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\NVIDIA
2013-12-02 21:17 - 2013-12-02 21:17 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\NVIDIA Corporation
2013-12-02 21:17 - 2013-10-02 15:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-02 21:17 - 2013-03-22 19:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-02 21:17 - 2013-03-22 19:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-01 22:21 - 2013-12-01 22:21 - 00000000 ____D C:\Users\CURRENT_USER\AppData\Roaming\SolidWorks
2013-11-29 08:56 - 2013-11-19 21:58 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-29 08:56 - 2013-11-19 21:58 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-27 17:01 - 2013-11-27 16:37 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\.android
2013-11-27 16:37 - 2013-03-22 19:05 - 00000000 ____D C:\Users\Abdullah Al-Shehabi
2013-11-27 15:29 - 2013-04-16 19:35 - 00000000 ____D C:\Program Files\NetBeans 7.3
2013-11-20 15:37 - 2013-03-23 09:59 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-11-20 15:37 - 2013-03-23 08:44 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-20 15:37 - 2013-03-23 08:44 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-20 15:32 - 2013-03-23 08:30 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-19 22:02 - 2013-07-05 23:14 - 00002258 _____ C:\Users\Abdullah Al-Shehabi\Desktop\Xpadder.ini
2013-11-19 03:33 - 2010-11-20 19:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-17 22:03 - 2013-11-17 22:03 - 00289598 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-11-17 22:03 - 2013-11-17 22:03 - 00284210 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-11-17 22:03 - 2013-11-17 22:03 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-11-17 22:03 - 2013-11-17 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-11-17 09:55 - 2013-11-17 09:55 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\CircuitWorks
2013-11-17 09:26 - 2013-03-22 19:28 - 00103744 _____ C:\Users\Abdullah Al-Shehabi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-17 09:26 - 2009-07-13 20:45 - 05006096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-16 20:20 - 2013-11-16 20:20 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\SolidWorks
2013-11-16 20:12 - 2013-11-16 20:12 - 00002963 _____ C:\Users\Public\Desktop\SolidWorks Explorer 2012.lnk
2013-11-16 20:12 - 2013-11-16 20:12 - 00001703 _____ C:\Users\Public\Desktop\SolidWorks eDrawings 2012.lnk
2013-11-16 20:12 - 2013-11-16 20:06 - 00000000 ____D C:\Program Files\Common Files\SolidWorks Shared
2013-11-16 20:11 - 2013-11-16 20:11 - 00001703 _____ C:\Users\Public\Desktop\SolidWorks eDrawings 2012 x64 Edition.lnk
2013-11-16 20:11 - 2013-11-16 20:11 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Documents\SolidWorks Visual Studio Tools for Applications
2013-11-16 20:11 - 2013-11-16 20:11 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Roaming\help_images_otherUI
2013-11-16 20:11 - 2013-11-16 20:11 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\DassaultSystemes
2013-11-16 20:11 - 2013-11-16 20:11 - 00000000 _____ C:\Windows\eDrawingOfficeAutomator.INI
2013-11-16 20:11 - 2013-11-16 20:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-16 20:09 - 2013-11-16 20:09 - 00002695 _____ C:\Users\Public\Desktop\SolidWorks 2012 x64 Edition.lnk
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Documents\Visual Studio 2005
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\AppData\Local\Microsoft Help
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\ProgramData\SolidWorks
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-11-16 20:06 - 2013-04-23 21:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-16 20:06 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-16 20:05 - 2013-11-16 14:56 - 00000000 ____D C:\Windows\SolidWorks
2013-11-16 20:05 - 2013-04-27 13:52 - 00000000 ____D C:\ProgramData\FLEXnet
2013-11-16 20:05 - 2013-04-23 21:42 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-11-16 18:23 - 2013-11-16 14:54 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-16 18:23 - 2013-03-22 19:05 - 00000000 ___RD C:\Users\Abdullah Al-Shehabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-16 14:54 - 2013-11-16 14:39 - 00001250 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-11-16 14:40 - 2013-03-23 09:58 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-11-14 03:55 - 2013-11-19 22:00 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-14 03:55 - 2013-11-19 22:00 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-11-14 03:55 - 2013-11-19 22:00 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-14 03:55 - 2013-10-02 15:14 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-11-14 03:55 - 2013-10-02 15:14 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-11-14 03:55 - 2013-10-02 15:13 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-14 03:55 - 2013-10-02 15:13 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-11-14 03:55 - 2013-10-02 15:13 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-14 03:55 - 2013-10-02 15:13 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-14 03:55 - 2013-10-02 15:13 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-11-14 03:55 - 2013-10-02 15:13 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-14 03:55 - 2013-10-02 15:13 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-11-14 03:55 - 2013-06-02 17:39 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-11-13 22:32 - 2013-08-13 23:15 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 22:32 - 2013-03-22 18:51 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 20:38 - 2013-05-12 21:17 - 00000000 ____D C:\Users\Abdullah Al-Shehabi\Documents\Abdurrahman
2013-11-13 20:37 - 2009-07-13 21:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
Some content of TEMP:
====================
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\6111.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\AAMHelper.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\AcDeltree.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\APNSetup.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\APNStub.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\autorun.dll
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\devcon64.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\i4jdel0.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\installerdll1931011.dll
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\installerdll481294.dll
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\mssinstaller.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\nvStInst.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\sonarinst.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\SpOrder.dll
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\tbMixi.dll
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\tbWhit.dll
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\uninst1.exe
C:\Users\Abdullah Al-Shehabi\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
 
 
LastRegBack: 2013-11-30 16:48
 
==================== End Of Log ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01
Ran by Abdullah Al-Shehabi at 2013-12-13 17:47:51
Running from C:\Users\Abdullah Al-Shehabi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Kaspersky Internet Security (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
Adobe Creative Cloud (x32 Version: 2.1.0.213)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.10.620)
Arduino (x32 Version: 1.0.5)
Ask Toolbar (x32 Version: 12.6.0.11)
AutoCAD 2011 - English (Version: 18.1.49.0)
AutoCAD 2011 Language Pack - English (Version: 18.1.49.0)
Autodesk Material Library 2011 (x32 Version: 2.0.0.49)
Autodesk Material Library 2011 Base Image library (x32 Version: 2.0.0.49)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlefield 4™ Beta (x32 Version: 1.0.0.0)
Battlelog Web Plugins (x32 Version: 2.3.1)
CoffeeCup HTML Editor (HKCU)
Commandos 2: Men of Courage (x32)
Crysis®3 (x32 Version: 1.0.0.0)
D-Link DWA-130 Wireless N USB Adapter (x32 Version: )
ESN Sonar (x32 Version: 0.70.4)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
FileZilla Client 3.4.0 (x32 Version: 3.4.0)
Freemake Video Converter version 4.0.0 (x32 Version: 4.0.0)
GameStop App (x32 Version: 4.00)
GeForce Experience NvStream Client Components (Version: 1.6.28)
GIMP 2.8.6 (Version: 2.8.6)
GlassFish Server Open Source Edition 3.1.2.2
Google Talk Plugin (x32 Version: 4.9.1.16010)
Google Update Helper (x32 Version: 1.3.21.165)
Google Web Designer (x32 Version: 0.9.14.0)
Hawken (HKCU)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java SE Development Kit 7 Update 21 (64-bit) (Version: 1.7.0.210)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Java™ 6 Update 27 (x32 Version: 6.0.270)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MSI Afterburner 2.3.1 (x32 Version: 2.3.1)
MSI Kombustor 2.5.0 (x32)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Need for Speed™ Most Wanted (x32 Version: 1.5.0.0)
Need for Speed™ Most Wanted (x32)
NetBeans IDE 7.3 (Version: 7.3)
NVIDIA 3D Vision Controller Driver 331.82 (Version: 331.82)
NVIDIA 3D Vision Driver 331.82 (Version: 331.82)
NVIDIA Control Panel 331.82 (Version: 331.82)
NVIDIA GeForce Experience 1.8 (Version: 1.8)
NVIDIA Graphics Driver 331.82 (Version: 331.82)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.142.992)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA Network Service (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 10.10.5 (Version: 10.10.5)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182)
NVIDIA Update 10.10.5 (Version: 10.10.5)
NVIDIA Update Core (Version: 10.10.5)
NVIDIA Virtual Audio 1.2.12 (Version: 1.2.12)
Origin (x32 Version: 9.1.13.85)
PDF Settings CS6 (x32 Version: 11.0)
PunkBuster Services (x32 Version: 0.993)
Razer Synapse 2.0 (x32 Version: 1.12.8)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
SHIELD Streaming (Version: 1.6.75)
SolidWorks 2012 x64 Edition SP0 (Version: 20.100.5022)
SolidWorks 2012 x64 Edition SP0 (x32 Version: 20.0.0.5022)
SolidWorks eDrawings 2012 x64 Edition SP0 (Version: 12.0.5015)
SolidWorks Explorer 2012 SP0 x64 Edition (Version: 20.00.5022)
Steam (x32 Version: 1.0.0.0)
TechPowerUp GPU-Z (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
VirtualCloneDrive (x32 Version: 5.4.7.0)
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check WMI.
 
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {025B33EC-E1B4-46FD-B292-1A0EC7105CFE} - System32\Tasks\AdobeAAMUpdater-1.0-DaCommander-Abdullah Al-Shehabi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {0D993ACF-CFDE-4FA8-8515-9E23B52CD0EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-673676977-1602946733-2205158230-1000Core => C:\Users\Abdullah Al-Shehabi\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {1E7084AF-001D-4538-8538-D57568662E9B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {2F54B3CD-1D77-4F87-9705-35A66CF01CF5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-673676977-1602946733-2205158230-1000UA => C:\Users\Abdullah Al-Shehabi\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {3D02CCEC-D2F7-4302-A90D-B09AC82EE5AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {48F87E72-E224-4BDA-943E-58C2B325E23B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {689DFA4B-EFE1-4F36-AFD5-CF546D226714} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {82C707D9-9094-40A1-984C-1A3F4D36FE29} - System32\Tasks\AdobeAAMUpdater-1.0 Fallback-DaCommander-Abdullah Al-Shehabi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {993357FE-A825-40D8-A0D7-C421E97F415F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {9D20276B-0FBB-4D6B-ABA4-92790F80EDA4} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)
Task: {C5410D29-D567-4199-A763-5CFCF73FB85B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DB82F765-D190-4C8D-B62F-2CD0D43FF286} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673676977-1602946733-2205158230-1000Core.job => C:\Users\Abdullah Al-Shehabi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673676977-1602946733-2205158230-1000UA.job => C:\Users\Abdullah Al-Shehabi\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-07-31 21:36 - 2013-07-31 21:36 - 03359088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2010-01-02 06:42 - 2010-01-02 06:42 - 00098304 _____ () B:\FileZilla FTP Client\fzshellext_64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: D-Link DWA-130 Wireless N USB Adapter
Description: D-Link DWA-130 Wireless N USB Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: D-Link Corporation
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/13/2013 05:47:51 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (12/13/2013 05:47:51 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (12/13/2013 11:35:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/13/2013 11:22:35 AM) (Source: NVNetworkService) (User: )
Description: NVNetworkServiceTime out when waiting for RPC server started event.
 
Error: (12/13/2013 11:22:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.10.5.1, time stamp: 0x5298c5b1
Faulting module name: NvBackend.exe, version: 10.10.5.1, time stamp: 0x5298c5b1
Exception code: 0xc0000005
Fault offset: 0x0005f8d2
Faulting process id: 0xb94
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3
 
Error: (12/13/2013 11:22:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/13/2013 11:22:05 AM) (Source: NVNetworkService) (User: )
Description: NVNetworkServiceThe requested service provider could not be loaded or initialized
 
Error: (12/13/2013 11:19:32 AM) (Source: NVNetworkService) (User: )
Description: NVNetworkServiceTime out when waiting for RPC server started event.
 
Error: (12/13/2013 11:19:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.10.5.1, time stamp: 0x5298c5b1
Faulting module name: NvBackend.exe, version: 10.10.5.1, time stamp: 0x5298c5b1
Exception code: 0xc0000005
Fault offset: 0x0005f8d2
Faulting process id: 0xbd0
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3
 
Error: (12/13/2013 11:19:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/13/2013 05:47:51 PM) (Source: DCOM) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (12/13/2013 05:46:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/13/2013 05:45:43 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/13/2013 02:56:33 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/13/2013 02:50:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/13/2013 02:46:38 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/13/2013 02:46:38 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/13/2013 02:46:38 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/13/2013 02:45:21 PM) (Source: DCOM) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}
 
Error: (12/13/2013 02:42:07 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/13/2013 05:47:51 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (12/13/2013 05:47:51 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (12/13/2013 11:35:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/13/2013 11:22:35 AM) (Source: NVNetworkService)(User: )
Description: NVNetworkServiceTime out when waiting for RPC server started event.
 
Error: (12/13/2013 11:22:22 AM) (Source: Application Error)(User: )
Description: NvBackend.exe10.10.5.15298c5b1NvBackend.exe10.10.5.15298c5b1c00000050005f8d2b9401cef8389c6d49efC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exee3421c1c-642b-11e3-a6ad-d43d7e4f6737
 
Error: (12/13/2013 11:22:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/13/2013 11:22:05 AM) (Source: NVNetworkService)(User: )
Description: NVNetworkServiceThe requested service provider could not be loaded or initialized
 
Error: (12/13/2013 11:19:32 AM) (Source: NVNetworkService)(User: )
Description: NVNetworkServiceTime out when waiting for RPC server started event.
 
Error: (12/13/2013 11:19:19 AM) (Source: Application Error)(User: )
Description: NvBackend.exe10.10.5.15298c5b1NvBackend.exe10.10.5.15298c5b1c00000050005f8d2bd001cef8382f7b07b3C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe76377afa-642b-11e3-83c4-d43d7e4f6737
 
Error: (12/13/2013 11:19:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8136.56 MB
Available physical RAM: 7201.87 MB
Total Pagefile: 16271.3 MB
Available Pagefile: 15439.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive b: (HDD 500GB) (Fixed) (Total:465.76 GB) (Free:434.73 GB) NTFS
Drive c: () (Fixed) (Total:111.69 GB) (Free:1.68 GB) NTFS
Drive e: (MINI) (Removable) (Total:7.4 GB) (Free:5.3 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5A0B4B9B)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: BB23DA1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)
 
==================== End Of Log ============================


#12 Oh My!


Posted 13 December 2013 - 11:03 PM

Please run these.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKCU\...\Run: [AdobeBridge] - [x]
SearchScopes: HKLM-x32 - DefaultScope {ADB527D0-FC61-4F7C-9856-818B025E0F8C} URL = 
Winsock: Catalog9 01 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\AdpeakProxy.dll File Not found ()
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Running Getservices by Grinler

--------------------
  • Please download Getservices and save it in the C:\ directory
  • Unzip the folder to the C:\ directory
  • Double click the getservices folder
  • Double click the getservice MS-DOS Batch File
  • Select Run
  • A notepad document will open
  • Copy and paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • GetServices log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

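The fixlist in the post above targets Winsock Catalog9 entries whose provider DLL FRST reports as "File Not found". The Python sketch below is an added example, not part of the thread and not FRST's own code: it picks such entries out of FRST-style output and cross-references them with SafeBoot entries and ATTENTION markers. The regular expressions cover only the line shapes visible in this thread, the function names are hypothetical, and the mswsock.dll line is constructed.

```python
"""Triage FRST-style log lines for Winsock catalog entries with a missing provider DLL."""
import ntpath
import re
from collections import defaultdict

# Sample input. Every line is copied from the logs and fixlist in this thread
# except the mswsock.dll entry, which is constructed to represent a healthy provider.
SAMPLE_LOG = r"""
Winsock: Catalog9 01 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 15 C:\Windows\system32\AdpeakProxy.dll File Not found ()
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
"""

# Assumed line shapes, taken from the lines shown in this thread.
WINSOCK_RE = re.compile(
    r"^Winsock:\s+(?P<catalog>Catalog\w+)\s+(?P<index>\d+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?\.dll)\s*(?P<rest>.*)$",
    re.IGNORECASE,
)
SAFEBOOT_RE = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?P<mode>Minimal|Network)\\(?P<name>.+?)\s+=>",
    re.IGNORECASE,
)
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")


def parse_winsock(log):
    """Return one dict per Winsock catalog line: catalog, index, path, missing."""
    entries = []
    for line in log.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if m:
            entries.append({
                "catalog": m.group("catalog"),
                "index": int(m.group("index")),
                "path": m.group("path"),
                "missing": "file not found" in m.group("rest").lower(),
            })
    return entries


def missing_providers(log):
    """Map each provider DLL reported as missing to the catalog indexes that use it."""
    grouped = defaultdict(list)
    for entry in parse_winsock(log):
        if entry["missing"]:
            grouped[entry["path"]].append(entry["index"])
    return {path: sorted(idx) for path, idx in grouped.items()}


def related_safeboot(log, dll_paths):
    """Return (mode, name) SafeBoot entries named after one of the given DLLs."""
    stems = {ntpath.splitext(ntpath.basename(p))[0].lower() for p in dll_paths}
    hits = []
    for line in log.splitlines():
        m = SAFEBOOT_RE.match(line.strip())
        if m and m.group("name").lower() in stems:
            hits.append((m.group("mode"), m.group("name")))
    return hits


def attention_lines(log):
    """Return the lines that carry an ATTENTION marker."""
    return [l.strip() for l in log.splitlines() if ATTENTION_RE.search(l)]


def triage(log):
    """Collect the three findings into one report dict."""
    missing = missing_providers(log)
    return {
        "missing_winsock_providers": missing,
        "safeboot_leftovers": related_safeboot(log, missing),
        "attention": attention_lines(log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for dll, indexes in report["missing_winsock_providers"].items():
        print(f"Missing Winsock provider {dll} referenced by entries {indexes}")
    for mode, name in report["safeboot_leftovers"]:
        print(f"SafeBoot\\{mode} still lists {name}")
    for line in report["attention"]:
        print(f"Flagged: {line}")
```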
#13 GreatStoneDragon


Posted 14 December 2013 - 12:40 AM

Hi, here they are.

 

 
SERVICE_NAME: CryptSvc
DISPLAY_NAME: Cryptographic Services
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 900
        FLAGS              : 
        DESCRIPTION        : Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Cryptographic Services
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT Authority\NetworkService
 
SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 596
        FLAGS              : 
        DESCRIPTION        : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : DCOM Server Process Launcher
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: eventlog
DISPLAY_NAME: Windows Event Log
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 784
        FLAGS              : 
        DESCRIPTION        : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : Event Log
        TAG                : 0
        DISPLAY_NAME       : Windows Event Log
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: KeyIso
DISPLAY_NAME: CNG Key Isolation
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 452
        FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
        DESCRIPTION        : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\lsass.exe
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : CNG Key Isolation
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 596
        FLAGS              : 
        DESCRIPTION        : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : PlugPlay
        TAG                : 0
        DISPLAY_NAME       : Plug and Play
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Power
DISPLAY_NAME: Power
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 596
        FLAGS              : 
        DESCRIPTION        : Manages power policy and power policy notification delivery.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : Plugplay
        TAG                : 0
        DISPLAY_NAME       : Power
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: ProfSvc
DISPLAY_NAME: User Profile Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 832
        FLAGS              : 
        DESCRIPTION        : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : profsvc_group
        TAG                : 0
        DISPLAY_NAME       : User Profile Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: RpcEptMapper
DISPLAY_NAME: RPC Endpoint Mapper
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 672
        FLAGS              : 
        DESCRIPTION        : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k RPCSS
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : RPC Endpoint Mapper
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 672
        FLAGS              : 
        DESCRIPTION        : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k rpcss
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : Remote Procedure Call (RPC)
        DEPENDENCIES       : RpcEptMapper
                           : DcomLaunch
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
SERVICE_NAME: WinDefend
DISPLAY_NAME: Windows Defender
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2000
        FLAGS              : 
        DESCRIPTION        : Protection against spyware and potentially unwanted software
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k secsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows Defender
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Winmgmt
DISPLAY_NAME: Windows Management Instrumentation
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 832
        FLAGS              : 
        DESCRIPTION        : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows Management Instrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem
 
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2013 01
Ran by Abdullah Al-Shehabi at 2013-12-13 21:35:12 Run:1
Running from C:\Users\Abdullah Al-Shehabi\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\Run: [AdobeBridge] - [x]
SearchScopes: HKLM-x32 - DefaultScope {ADB527D0-FC61-4F7C-9856-818B025E0F8C} URL = 
Winsock: Catalog9 01 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\AdpeakProxy.dll File Not found ()
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
 
==== End of Fixlog ====
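
A cross-check of the Winsock part of the Fixlog above, as an added example that is not part of the original thread or of FRST: it groups the fixlist's Catalog9 entries by the provider DLL reported as "File Not found" and confirms each one has a matching "Deleted successfully" result. The 12-digit zero-padding of entry numbers is inferred from this log, and `PARTIAL` is a constructed variant.

```python
import re
from collections import defaultdict

# Winsock lines copied from the Fixlog in the post above.
FIXLOG = r"""
Content of fixlist:
Winsock: Catalog9 01 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\AdpeakProxy.dll File Not found ()

Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
"""

# Constructed variant: the result line for entry 15 is dropped, to show what
# an incomplete fix looks like to the checker.
PARTIAL = FIXLOG.replace(
    "Winsock: Catalog entry 000000000015 => Deleted successfully.\n", "")

REQUEST = re.compile(r"^Winsock: Catalog\d+ (\d+) (.+?) File Not found \(\)$")
RESULT = re.compile(r"^Winsock: Catalog entry (\d{12}) => (.+)$")


def review_winsock_fix(text):
    """Return (entries grouped by missing DLL, entries without a deletion)."""
    requested, results = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := REQUEST.match(line):
            # Assumption inferred from this log: "01" in the fixlist is
            # reported as the 12-digit id "000000000001" in the result.
            requested[m.group(1).zfill(12)] = m.group(2)
        elif m := RESULT.match(line):
            results[m.group(1)] = m.group(2)

    by_dll = defaultdict(list)
    for entry, dll in requested.items():
        by_dll[dll.lower()].append(entry)  # Windows paths: case-insensitive
    unresolved = sorted(e for e in requested
                        if results.get(e) != "Deleted successfully.")
    return dict(by_dll), unresolved


if __name__ == "__main__":
    for name, log in (("page log", FIXLOG), ("constructed partial", PARTIAL)):
        by_dll, unresolved = review_winsock_fix(log)
        for dll, entries in by_dll.items():
            print(f"{name}: {dll} referenced by {len(entries)} catalog entries")
        print(f"{name}: entries still lacking a deletion result: {unresolved}")
```
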


#14 Oh My!

Posted 14 December 2013 - 10:30 AM

Hi Abdullah,

Here is our next step.

===================================================

Modifying Service StartState

-------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type cmd and press Enter
  • Type sc config Bits start= delayed-auto and press Enter
  • You should receive confirmation the command was successful
  • Reboot your computer, rerun Farbar Service Scanner and post the results
  • Check your Internet connection
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FSS.txt
  • Internet?

Gary

#15 GreatStoneDragon

Posted 14 December 2013 - 01:26 PM

Wow, internet is up and computer is acting normal again, you guys are amazing.....

How do you guys go through the logs and how did you get all this experience?


Farbar Service Scanner Version: 05-12-2013
Ran by Abdullah Al-Shehabi (administrator) on 14-12-2013 at 10:22:05
Running from "C:\Users\Abdullah Al-Shehabi\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****




