WiredWX Christian Hobby Weather Tools

Not able to Access sites anymore and will not load

Having problems with regular sites that I can no longer access. Every time I put in password and user name it just keeps erasing the text and starting over. Also certain accounts will not load. Like Facebook. Getting a yellow caution sign. When I click on it, it says "Big Pipe" is null or not an object. Have run all kinds of scans and nothing comes up regarding viruses and such. Was told to download Google Chrome in order for certain things to work because my browser no longer supports certain programs. I did but didn't seem to help so took it off also. Thanks

Re: Not able to Access sites anymore and will not load

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************************
What is your default browser?

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

********************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: Not able to Access sites anymore and will not load

Internet Explorer 8
Sorry, not able to get log from AdwCleaner. The first time I ran it my AVG deleted it as a threat. Ran it again and the computer didn't restart properly and log didn't show up and not able to get it from c:\

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.23.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
LYNDA :: GENERAL1 [administrator]

4/23/2013 9:53:10 AM
mbam-log-2013-04-23 (09-53-10).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257189
Time elapsed: 1 hour(s), 17 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\USTechSupport\Stub\279c82b77a94401f8e70192172d73c0a\FrameworkMSI.msi (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\fabf1e0.msi (Trojan.Agent.ED) -> Quarantined and deleted successfully.

(end)






Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java(TM) 6 Update 24
Java(TM) 7
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
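
A small triage script for the two logs posted above, as an added example that is not part of the original thread: it extracts each detection from the MBAM log, checks every category's declared count against the lines actually pasted (a mismatch means the paste was cut short), and lists the Security Check lines marked "Disabled!" or "out of Date!". The function names are assumptions; the sample text is an excerpt of the logs above.

```python
import re

BT = chr(96)  # backtick, generated so the banner lines stay fence-safe


def banner(title, width=14):
    """Rebuild a Security Check section banner like the ones in the log above."""
    return BT * width + title + BT * width


# Excerpts of the two logs posted above (banner widths normalised).
MBAM_LOG = r"""Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\USTechSupport\Stub\279c82b77a94401f8e70192172d73c0a\FrameworkMSI.msi (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\fabf1e0.msi (Trojan.Agent.ED) -> Quarantined and deleted successfully.

(end)
"""

SECURITY_CHECK_LOG = "\n".join([
    banner("Antivirus/Firewall Check:"),
    "Windows Firewall Disabled!",
    "AVG AntiVirus Free Edition 2013",
    "Antivirus up to date!",
    banner("Anti-malware/Other Utilities Check:"),
    "Java(TM) 6 Update 24",
    "Java(TM) 7",
    "Java version out of Date!",
    "Adobe Flash Player 11.6.602.180",
    "Adobe Reader 10.1.6 Adobe Reader out of Date!",
    banner("End of Log"),
])

# "<category> Detected: <n>" opens a block; each finding reads
# "<item> (<threat name>) -> <action taken>."
HEADER = re.compile(r"^(?P<category>.+) Detected: (?P<count>\d+)$")
DETECTION = re.compile(
    r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Security Check banners are a title wrapped in runs of backticks (\x60).
BANNER = re.compile(r"^\x60+(?P<title>[^\x60]+?):?\x60+$")
WARNING = re.compile(r"disabled!|out of date!", re.IGNORECASE)


def parse_mbam(text):
    """Return (findings, truncated_categories) for an MBAM 1.x text log."""
    sections = {}   # category -> [declared count, list of findings]
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header["category"]
            sections[current] = [int(header["count"]), []]
        elif not line:
            current = None          # a blank line closes the block
        elif current is not None:
            hit = DETECTION.match(line)
            if hit:                 # skips "(No malicious items detected)"
                sections[current][1].append(hit.groupdict())
    findings = [dict(f, category=cat)
                for cat, (_, found) in sections.items() for f in found]
    truncated = [cat for cat, (declared, found) in sections.items()
                 if declared != len(found)]
    return findings, truncated


def security_check_warnings(text):
    """Return (section, line) pairs for entries flagged by Security Check."""
    section, warnings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        title = BANNER.match(line)
        if title:
            section = title["title"].strip()
        elif line and WARNING.search(line):
            warnings.append((section, line))
    return warnings


if __name__ == "__main__":
    found, cut_short = parse_mbam(MBAM_LOG)
    for f in found:
        print(f"{f['category']}: {f['threat']} -> {f['action']}\n  {f['item']}")
    print("categories with missing lines:", cut_short or "none")
    for sec, line in security_check_warnings(SECURITY_CHECK_LOG):
        print(f"[{sec}] {line}")
```
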

Re: Not able to Access sites anymore and will not load

You really should turn on your Windows Firewall.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***************************************************
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

*****************************************************
Please download Junkware Removal Tool to your desktop.

  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and paste the JRT.txt log into your next message.
**************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

Re: Not able to Access sites anymore and will not load

Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Microsoft Windows XP x86
Ran by LYNDA on Tue 04/23/2013 at 20:39:14.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
.
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D74B9A06-0A0B-4B21-93C8-51760C1BC71B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}


~~~ Files

Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"


~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\LYNDA\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\LYNDA\Application Data\fixcleaner"
Successfully deleted: [Folder] "C:\Documents and Settings\LYNDA\Local Settings\Application Data\shopping sidekick plugin"



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/23/2013 at 20:42:52.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 13-04-23.02 - LYNDA 04/23/2013 21:14:35.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.479 [GMT -7:00]
Running from: c:\documents and settings\LYNDA\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\Cache
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SETABB8.tmp
.

Re: Not able to Access sites anymore and will not load

((((((((((((((((((((((((( Files Created from 2013-03-24 to 2013-04-24 )))))))))))))))))))))))))))))))
.
.
2013-04-24 03:39 . 2013-04-24 03:39 -------- d-----w- c:\windows\ERUNT
2013-04-24 03:39 . 2013-04-24 03:39 -------- d-----w- C:\JRT
2013-04-24 03:01 . 2013-04-24 03:01 -------- d-----w- c:\program files\Common Files\Java
2013-04-24 03:01 . 2013-04-24 03:01 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-24 03:01 . 2013-04-24 03:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-24 02:54 . 2013-04-24 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-04-19 03:43 . 2013-04-19 03:43 -------- d-----w- c:\documents and settings\LYNDA\Application Data\magicJackOutlookAddIn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-24 03:01 . 2011-07-05 18:33 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-24 03:01 . 2010-11-18 03:21 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-17 00:06 . 2012-06-13 21:18 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-17 00:06 . 2011-05-18 16:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 21:50 . 2011-04-24 01:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36 . 2010-11-18 01:31 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2008-04-14 00:54 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2010-11-18 01:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2010-11-18 01:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2010-11-18 01:31 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2010-11-18 01:31 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2010-11-18 01:31 385024 ----a-w- c:\windows\system32\html.iec
2013-03-01 17:32 . 2011-12-23 20:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 07:56 . 2010-11-18 02:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-27 06:40 . 2011-12-23 20:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-19 07:54 . 2012-09-04 17:18 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-14 10:52 . 2011-02-10 14:54 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32 . 2010-11-18 01:31 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 11:37 . 2011-03-01 21:25 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2012-09-21 11:46 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2012-04-19 11:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2011-01-07 13:41 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2011-01-19 11:32 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-05 17:54 . 2013-02-05 17:54 0 ----a-w- c:\windows\system32\drivers\etqrjsby(2).sys
2013-01-31 06:18 . 2013-01-31 06:18 0 ----a-w- c:\windows\system32\drivers\mbamswissarmy(2).sys
2013-01-26 03:55 . 2010-11-18 01:31 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-10-03 . 4963CB503600FC3BCBDBFBA51FBA1FAC . 5971456 . . [8.00.6001.19154] . . c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
[-] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
[-] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
[-] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
[-] 2011-05-30 . 22BA5235EA846EDA87F68A1DCC2BFCF9 . 5964800 . . [8.00.6001.19088] . . c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
[-] 2011-05-30 . D0B1DB576941CB0B6669B8752FFAC79A . 5967360 . . [8.00.6001.23181] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . 3422847AA07E37076A87D0B7D5044DC6 . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
[-] 2008-08-21 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll
.
[-] 2008-08-21 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-08-21 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2008-08-21 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-08-21 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-08-21 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2008-08-21 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
.
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2008-08-21 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2008-08-21 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-08-21 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-08-21 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-08-21 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-08-21 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-08-21 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-08-21 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-08-21 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-08-21 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-08-21 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-08-21 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-08-21 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-08-21 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-08-21 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-08-21 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-08-21 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-08-21 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-08-21 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-08-21 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-08-21 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-08-21 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2008-08-21 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-08-21 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2013-03-02 . DA5B96A293B006572209E5EAC9F3A045 . 916480 . . [8.00.6001.19412] . . c:\windows\SoftwareDistribution\Download\5dd0b02c82ca92ea3c2da6ad75887354\SP3GDR\wininet.dll
[-] 2013-03-02 . DA5B96A293B006572209E5EAC9F3A045 . 916480 . . [8.00.6001.19412] . . c:\windows\system32\wininet.dll
[-] 2013-03-02 . DA5B96A293B006572209E5EAC9F3A045 . 916480 . . [8.00.6001.19412] . . c:\windows\system32\dllcache\wininet.dll
[-] 2013-03-02 . 43EADBA9F3CD2A5F01B189BD95FCDE95 . 920064 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll
[-] 2013-03-02 . 43EADBA9F3CD2A5F01B189BD95FCDE95 . 920064 . . [8.00.6001.23480] . . c:\windows\SoftwareDistribution\Download\5dd0b02c82ca92ea3c2da6ad75887354\SP3QFE\wininet.dll
[-] 2013-02-05 . 5AACF4B4DEE1972B7952E8A747122232 . 916480 . . [8.00.6001.19401] . . c:\windows\ie8updates\KB2817183-IE8\wininet.dll
[-] 2013-02-05 . BE30BEF4C13065D09772F9895FCB9D22 . 920064 . . [8.00.6001.23469] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\wininet.dll
[-] 2012-12-26 . D175F91A4C98B8848818C9B5089F88A2 . 916480 . . [8.00.6001.19394] . . c:\windows\ie8updates\KB2809289-IE8\wininet.dll
[-] 2012-12-26 . B8BEF9519A1B124DEAF94081F6C5A767 . 920064 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll
[-] 2012-11-01 . 9AD88EA663124336E88EB031F917CE20 . 916992 . . [8.00.6001.19389] . . c:\windows\ie8updates\KB2792100-IE8\wininet.dll
[-] 2012-11-01 . ACC92628CFFF9BB6F8886329888014A8 . 920064 . . [8.00.6001.23458] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll
[-] 2012-08-28 . FF1C14BCA1A797CE45DD359FA2C9EDA8 . 916992 . . [8.00.6001.19328] . . c:\windows\ie8updates\KB2761465-IE8\wininet.dll
[-] 2012-08-28 . DCEA3B3193B7181CF818ECC4EAB30A66 . 920064 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll
[-] 2012-07-02 . C4300CB4D20B1159DC77E01E8A2525EC . 916992 . . [8.00.6001.19298] . . c:\windows\ie8updates\KB2744842-IE8\wininet.dll
[-] 2012-07-02 . C4300CB4D20B1159DC77E01E8A2525EC . 916992 . . [8.00.6001.19298] . . c:\windows\SoftwareDistribution\Download\06af2d630217aa32a4f6f6b9c5c1a3ba\SP3GDR\wininet.dll
[-] 2012-07-02 . EFB2241DE3AA6480521A16D0CB67B0EC . 920064 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll
[-] 2012-07-02 . EFB2241DE3AA6480521A16D0CB67B0EC . 920064 . . [8.00.6001.23385] . . c:\windows\SoftwareDistribution\Download\06af2d630217aa32a4f6f6b9c5c1a3ba\SP3QFE\wininet.dll
[-] 2012-05-16 . 6B1774334E2975AA60596E54F5EA1430 . 916992 . . [8.00.6001.19272] . . c:\windows\ie8updates\KB2722913-IE8\wininet.dll
[-] 2012-05-16 . 553AD35768CD27959391DD5AA82CEF6F . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll
[-] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\ie8updates\KB2699988-IE8\wininet.dll
[-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[-] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\wininet.dll
[-] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
[-] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2647516-IE8\wininet.dll
[-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[-] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll
[-] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[-] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll
[-] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[-] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[-] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[-] 2008-08-21 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll
.
[-] 2008-08-21 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-08-21 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-08-21 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-08-21 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2help.dll
[-] 2008-08-21 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-08-21 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-08-21 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-08-21 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-08-21 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-08-21 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-08-21 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\I386\REGEDIT.EXE
[-] 2008-08-21 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\ERDNT\cache\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\ERDNT\cache\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
.
[-] 2008-08-21 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-08-21 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-08-21 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
.
[-] 2008-08-21 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2008-08-21 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msimg32.dll
.
[-] 2008-08-21 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-08-21 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-08-21 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-08-21 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-08-21 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-08-21 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-08-21 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-08-21 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-08-21 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[-] 2008-08-21 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\I386\NTDLL.DLL
[-] 2008-08-21 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\I386\SYSTEM32\NTDLL.DLL
.
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime
[-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
.
[-] 2008-08-21 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-08-21 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-08-21 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-08-21 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2008-08-21 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-08-21 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-08-21 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-08-21 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-08-21 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-08-21 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-08-21 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-08-21 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-08-21 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-08-21 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-08-21 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-08-21 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-08-21 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-08-21 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-08-21 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-08-21 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-08-21 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\hnetcfg.dll
[-] 2008-08-21 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-08-21 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2008-08-21 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2008-08-21 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-08-21 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2008-08-21 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2008-08-21 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-14 06:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-14 06:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-14 06:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-08-21 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-08-21 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-08-21 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2008-08-21 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2008-08-21 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-08-21 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2008-08-21 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2008-08-21 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2013-03-07 . 9EBEDA306E5EABDABCFF8B695FCD4CD6 . 2070016 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe
[-] 2013-03-07 . 9EBEDA306E5EABDABCFF8B695FCD4CD6 . 2070016 . . [5.1.2600.6368] . . c:\windows\SoftwareDistribution\Download\16b4ee69c6084653d25b414351574d95\sp3qfe\ntkrnlpa.exe
[-] 2013-03-07 . 9ED39805DF38061BB031D0F2B20DFB77 . 2028544 . . [5.1.2600.6368] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-03-07 . 9C8E896FCF103F943EB3F405A974447D . 2070016 . . [5.1.2600.6368] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2013-03-07 . 9C8E896FCF103F943EB3F405A974447D . 2070016 . . [5.1.2600.6368] . . c:\windows\SoftwareDistribution\Download\16b4ee69c6084653d25b414351574d95\sp3gdr\ntkrnlpa.exe
[-] 2013-03-07 . 9C8E896FCF103F943EB3F405A974447D . 2070016 . . [5.1.2600.6368] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2013-01-07 . 1251D608DFCE4B6801AD27A59B74985C . 2069760 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[-] 2013-01-07 . 2C9091C3350E369BBB2464AABE2FD7CA . 2027520 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntkrnlpa.exe
[-] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[-] 2012-08-21 . 61027EE2D9859A2B41D588D92F256CFB . 2027520 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntkrnlpa.exe
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-05-04 . 87763BB6C95901818050E52C378C9E15 . 2026496 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2012-04-11 . 61CCE48F7BD00E0E4D5CDE206F2DDC1B . 2026496 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntkrnlpa.exe
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . 36CAC3C8C4C10F4E21BFEABBFE7ACFFC . 2027008 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[-] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
.
[-] 2008-08-21 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-08-21 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-08-21 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-08-21 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-08-21 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-08-21 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-08-21 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ERDNT\cache\dsound.dll
[-] 2008-08-21 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-08-21 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-08-21 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\d3d9.dll
[-] 2008-08-21 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-08-21 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-08-21 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\ddraw.dll
[-] 2008-08-21 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-08-21 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-08-21 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\olepro32.dll
[-] 2008-08-21 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-08-21 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-08-21 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\perfctrs.dll
[-] 2008-08-21 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-08-21 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-08-21 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\version.dll
[-] 2008-08-21 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-08-21 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2013-03-07 . 8C39722F8C291F1BBCCE80EE23065897 . 2149888 . . [5.1.2600.6368] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-03-07 . 9FC16E5EBFE88F3C844FFE2E6CB7F1E8 . 2193536 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe
[-] 2013-03-07 . 9FC16E5EBFE88F3C844FFE2E6CB7F1E8 . 2193536 . . [5.1.2600.6368] . . c:\windows\SoftwareDistribution\Download\16b4ee69c6084653d25b414351574d95\sp3qfe\ntoskrnl.exe

Re: Not able to Access sites anymore and will not load

Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\LYNDA\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~2\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-14 4394032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\documents and settings\LYNDA\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2012-02-01 17:36 50592 ----a-w- c:\documents and settings\LYNDA\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-08-21 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-24 03:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-24 03:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-24 03:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 21:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 14:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Documents and Settings\\LYNDA\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/4/2012 10:18 AM 33112]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/15/2012 11:01 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 11:54 AM 116608]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~2\acs.exe [12/15/2012 11:34 PM 1195008]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/18/2012 9:57 AM 464256]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
R2 USTSScheduler;US Tech Support Scheduling Service;c:\program files\USTechSupport\SchedulerService\SchedulerService.exe [1/17/2013 10:48 AM 737600]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/15/2012 10:58 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/15/2012 11:01 PM 257432]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
S2 msav;Moon Secure Antivirus Core; [x]
S2 Secunia Update Agent;Secunia Update Agent; [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [4/30/2011 1:32 AM 167264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 00:06]
.
2013-04-24 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-11-18 04:33]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 23:12]
.
.
------- Supplementary Scan -------
.
Trusted Zone: walmartone.com\www
TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
MSConfigStartUp-OutpostMonitor - c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-23 21:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1060)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-04-23 21:27:07
ComboFix-quarantined-files.txt 2013-04-24 04:27
.
Pre-Run: 23,549,149,184 bytes free
Post-Run: 23,544,684,544 bytes free
.
- - End Of File - - C23D90B2E89381EAD8DFB3D3E292ABDB

Re: Not able to Access sites anymore and will not load

Also turned on Windows firewall. It is always on. It somehow got turned off. Also have Outpost. Thanks

Re: Not able to Access sites anymore and will not load

"It is always on. It somehow got turned off. Also have Outpost."

If you mean "Outpost Firewall" you should only run one Firewall on your computer due to conflicting issues.
Are you still being blocked on some sites?


SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: Not able to Access sites anymore and will not load

Well I am now able to most like Facebook, but the site I use for work still every time I try to log in it won't. Maybe it's just that site. I can log on on another computer but not this one, when I used to be able to.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************


******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AA374000
Module End: AA38C000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7BAE000
Module End: F7BB0000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F7C3A000
Module End: F7C3C000
Hidden: Yes

Module Name: \??\C:\DOCUME~1\LYNDA\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: F79A6000
Module End: F79AE000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAssignProcessToJobObject
Address: AA4F8A60
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwClose
Address: AA4DDBF0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwConnectPort
Address: AA4FA920
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateFile
Address: AA4D9F60
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateKey
Address: AA4E5090
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateProcess
Address: AA4F12B0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateProcessEx
Address: AA4F1BB0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateSection
Address: AA4D8D10
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateSymbolicLinkObject
Address: AA4E4E40
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateThread
Address: AA4EFD70
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwDebugActiveProcess
Address: AA4FDF30
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwDeleteFile
Address: AA4E3B20
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwDeleteKey
Address: AA4E6900
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwDeleteValueKey
Address: AA4ED3A0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwLoadDriver
Address: AA4EEBB0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwMakeTemporaryObject
Address: AA4E46B0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwNotifyChangeKey
Address: F79575D0
Driver Base: F7956000
Driver End: F795E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwNotifyChangeMultipleKeys
Address: F7957700
Driver Base: F7956000
Driver End: F795E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwOpenFile
Address: AA4DCC10
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwOpenKey
Address: AA4E5FC0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwOpenProcess
Address: F7957010
Driver Base: F7956000
Driver End: F795E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwOpenSection
Address: AA4D9580
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwOpenThread
Address: AA4F3060
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwProtectVirtualMemory
Address: AA4F9DA0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwQueryDirectoryFile
Address: AA4DE8A0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwQueryKey
Address: AA4E8750
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwQueryValueKey
Address: AA4E8FA0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwQueueApcThread
Address: AA4F7ED0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwRenameKey
Address: AA4EC590
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwReplaceKey
Address: AA4EA500
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwRequestPort
Address: AA4FCA50
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwRequestWaitReplyPort
Address: AA4FCD70
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwRestoreKey
Address: AA4EBD20
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSaveKey
Address: AA4EAC80
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSaveKeyEx
Address: AA4EB4D0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSecureConnectPort
Address: AA4FB480
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSetContextThread
Address: AA4F7440
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSetInformationDebugObject
Address: AA4FE520
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSetInformationFile
Address: AA4DFBF0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSetSystemInformation
Address: AA4EE1C0
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSetValueKey
Address: AA4E9820
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSuspendProcess
Address: F7957300
Driver Base: F7956000
Driver End: F795E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwSuspendThread
Address: F79573E0
Driver Base: F7956000
Driver End: F795E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwSystemDebugControl
Address: AA4FD770
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwTerminateProcess
Address: AA58D640
Driver Base: AA583000
Driver End: AA5A5000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

Function Name: ZwTerminateThread
Address: F7957210
Driver Base: F7956000
Driver End: F795E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwUnloadDriver
Address: AA4EF530
Driver Base: AA4D8000
Driver End: AA583000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwWriteVirtualMemory
Address: F79574D0
Driver Base: F7956000
Driver End: F795E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found


Yes, Outpost firewall. Which do you suggest I use?

Re: Not able to Access sites anymore and will not load

"Well I am now able to most like Facebook, but the site I use for work still every time I try to log in it won't. Maybe it's just that site."

Are you sure that your Firewall is not blocking it? Can you send me that link in a PM? I'll have a look at it.

"Yes, Outpost firewall. Which do you suggest I use?"

If you paid for it you may as well use it.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the EsetOnline button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the EsetSmartInstallDesktopIcon-1 icon on your desktop.

• Check EsetAcceptTerms
• Click the EsetStart button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check EsetScanArchives
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push EsetListThreats
• Push EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the EsetBack button.
• Push EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Not able to Access sites anymore and will not load

Now not able to access the internet. Noticed that my AVG virus protection had a yellow caution on it. I clicked on it and it says that my web browsing is not active nor is my email protection. I ran a scan, it detected 11 items which are all of the IRP hook origin. I am not able to restore my computer to previous settings. I tried getting online in safe mode and not able to do that either. AVG suggested to download the AVG Rescue CD but can't do that without getting online. Thanks

Re: Not able to Access sites anymore and will not load

You will have to download this on another computer and transfer it to your computer using one of the methods I described in my first post.

Please download MiniToolBox to Desktop and run it.

MiniToolBox

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

Re: Not able to Access sites anymore and will not load

MiniToolBox by Farbar Version:21-04-2013
Ran by LYNDA (administrator) on 26-04-2013 at 22:30:09
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 2,


========================= Event log errors: ===============================

Application errors:
==================
Error: (04/26/2013 10:03:08 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (04/26/2013 08:21:16 AM) (Source: Application Error) (User: )
Description: Faulting application DataCollection.exe, version 2.1.0.4741, faulting module DataCollection.exe, version 2.1.0.4741, fault address 0x0004d981.
Processing media-specific event for [DataCollection.exe!ws!]

Error: (04/26/2013 07:16:01 AM) (Source: Application Error) (User: )
Description: Faulting application DataCollection.exe, version 2.1.0.4741, faulting module DataCollection.exe, version 2.1.0.4741, fault address 0x0004d981.
Processing media-specific event for [DataCollection.exe!ws!]

Error: (04/26/2013 06:10:47 AM) (Source: Application Error) (User: )
Description: Faulting application DataCollection.exe, version 2.1.0.4741, faulting module DataCollection.exe, version 2.1.0.4741, fault address 0x0004d981.
Processing media-specific event for [DataCollection.exe!ws!]

Error: (04/26/2013 05:05:33 AM) (Source: Application Error) (User: )
Description: Faulting application DataCollection.exe, version 2.1.0.4741, faulting module DataCollection.exe, version 2.1.0.4741, fault address 0x0004d981.
Processing media-specific event for [DataCollection.exe!ws!]

Error: (04/26/2013 04:00:18 AM) (Source: Application Error) (User: )
Description: Faulting application DataCollection.exe, version 2.1.0.4741, faulting module DataCollection.exe, version 2.1.0.4741, fault address 0x0004d981.
Processing media-specific event for [DataCollection.exe!ws!]

Error: (04/25/2013 08:01:41 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (04/25/2013 03:10:00 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (04/25/2013 02:47:25 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: The server name or address could not be resolved

Error: (04/25/2013 02:47:07 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)


System errors:
=============
Error: (04/26/2013 10:30:17 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (04/26/2013 10:30:17 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (04/26/2013 10:30:17 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (04/26/2013 10:30:17 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (04/26/2013 10:30:16 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (04/26/2013 10:30:16 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (04/26/2013 10:30:15 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (04/26/2013 10:30:15 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (04/26/2013 10:30:15 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (04/26/2013 10:30:15 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (04/26/2013 10:03:08 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (04/26/2013 08:21:16 AM) (Source: Application Error)(User: )
Description: DataCollection.exe2.1.0.4741DataCollection.exe2.1.0.47410004d981

Error: (04/26/2013 07:16:01 AM) (Source: Application Error)(User: )
Description: DataCollection.exe2.1.0.4741DataCollection.exe2.1.0.47410004d981

Error: (04/26/2013 06:10:47 AM) (Source: Application Error)(User: )
Description: DataCollection.exe2.1.0.4741DataCollection.exe2.1.0.47410004d981

Error: (04/26/2013 05:05:33 AM) (Source: Application Error)(User: )
Description: DataCollection.exe2.1.0.4741DataCollection.exe2.1.0.47410004d981

Error: (04/26/2013 04:00:18 AM) (Source: Application Error)(User: )
Description: DataCollection.exe2.1.0.4741DataCollection.exe2.1.0.47410004d981

Error: (04/25/2013 08:01:41 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (04/25/2013 03:10:00 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (04/25/2013 02:47:25 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (04/25/2013 02:47:07 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 1014.07 MB
Available physical RAM: 544.66 MB
Total Pagefile: 2440.11 MB
Available Pagefile: 1870.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.24 GB) (Free:22.03 GB) NTFS
4 Drive f: (PHONE) (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT
5 Drive g: (USB DISK) (Removable) (Total:0.48 GB) (Free:0.01 GB) FAT

========================= Users: ========================================

User accounts for \\GENERAL1

Administrator Guest HelpAssistant
LYNDA SUPPORT_388945a0


**** End of log ****

Re: Not able to Access sites anymore and will not load

Can you send me that link in a PM? I'll have a look at it.

Re: Not able to Access sites anymore and will not load

Not understanding what link you want me to PM you. Thanks

Re: Not able to Access sites anymore and will not load

Lynangeel wrote:
Not understanding what link you want me to PM you. Thanks

You mentioned that there was one particular site that you can't access. That's the link I would like you to send me in a pm. I would like to try it, if you don't mind.

Re: Not able to Access sites anymore and will not load

I can't log into first-federal bank. Just a blank page but the WalMartone is ok. Let's try something else. Please do this even if you don't have the OS disk. Please tell me if the computer asks for a disk at some point.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
• Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
• Let this run undisturbed until the window with the blue progress bar goes away
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

Re: Not able to Access sites anymore and will not load

I am sorry for wasting your time on that crappy computer. I have a cd but the door won't open. Need to figure out why now our other good computer is not working right. Not loading sites as well. My husband uses it most and doesn't update things including the virus protection. I try to keep it up but I am usually worried about the other one the kids use. Thanks for your help

Re: Not able to Access sites anymore and will not load

Not able to load things also like System Restore. Already have Malwarebytes on this computer and it doesn't show anything. Will not let you download new versions of stuff.

Re: Not able to Access sites anymore and will not load

Please run SFC even if you don't have the disk and let me know what happens.

Re: Not able to Access sites anymore and will not load

Ran it and it didn't change anything

Re: Not able to Access sites anymore and will not load

Have you tried resetting your modem? Disconnect the power supply for at least 30 secs.

"My husband uses it most and doesn't update things including the virus protection."

A good AV should update itself.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.

Re: Not able to Access sites anymore and will not load

Yes, I have done the modem thing but it isn't that. It says that is connection to the services. Besides, the other computer wouldn't work if the modem has a problem. It runs off the same. When you try to log on it says to diagnose connection problems but when you click to do so it will not do anything. The computer that has no connection has AVG on it and it does update itself and doesn't expire unless I take it off. The other computer that is now messing up that my husband uses has Avast but it is the free version and it expires every year, and when you don't renew it you have no protection. And he let it expire and I did update it along with a couple other programs. It was fine at first but the next day you cannot load anything and I am unable to update a couple of the other programs that need it.
I ran the TDSSKiller; didn't find anything.

Re: Not able to Access sites anymore and will not load

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Re: Not able to Access sites anymore and will not load

Farbar Service Scanner Version: 14-04-2013
Ran by LYNDA (administrator) on 28-04-2013 at 20:50:09
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2010-11-17 18:31] - [2013-04-25 08:13] - 0073016 ____A (AVG Technologies CZ, s.r.o.) BCAB8B6531B595A9030274E8B6EAE3D8

ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2010-11-17 18:31] - [2013-04-25 08:13] - 0073016 ____A (AVG Technologies CZ, s.r.o.) BCAB8B6531B595A9030274E8B6EAE3D8

ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
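
An added example, not part of the thread and not code from Farbar Service Scanner: the Python below parses the File Check section of the log above and reports what it records about the two flagged drivers. The line patterns are inferred from this one log, and the function names `parse_file_check` and `triage` are made up for illustration.

```python
import re
from collections import defaultdict

# File Check section copied from the Farbar Service Scanner log in this thread.
FSS_FILE_CHECK = r"""
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2010-11-17 18:31] - [2013-04-25 08:13] - 0073016 ____A (AVG Technologies CZ, s.r.o.) BCAB8B6531B595A9030274E8B6EAE3D8

ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2010-11-17 18:31] - [2013-04-25 08:13] - 0073016 ____A (AVG Technologies CZ, s.r.o.) BCAB8B6531B595A9030274E8B6EAE3D8

ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
"""

# Line shapes inferred from this one log (an assumption, not a published format).
LEGIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+) => MD5 is legit$")
BARE_PATH = re.compile(r"^(?P<path>[A-Za-z]:\\.+\.(?:sys|dll|exe))$", re.IGNORECASE)
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
FLAGGED = re.compile(r"^ATTENTION!=====> (?P<path>.+) IS INFECTED AND SHOULD BE REPLACED\.$")


def parse_file_check(text):
    """Return one record per file named in the File Check section."""
    records = {}
    pending = None  # file whose detail line (size, vendor, MD5) is expected next
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := LEGIT.match(line):
            records[m["path"].lower()] = {"path": m["path"], "legit": True, "flagged": False}
            pending = None
        elif m := FLAGGED.match(line):
            rec = records.setdefault(m["path"].lower(), {"path": m["path"], "legit": False})
            rec["flagged"] = True
        elif m := DETAIL.match(line):
            if pending is not None:
                pending.update(
                    created=m["created"], modified=m["modified"],
                    size=int(m["size"]), company=m["company"], md5=m["md5"].upper(),
                )
                pending = None
        elif m := BARE_PATH.match(line):
            pending = {"path": m["path"], "legit": False, "flagged": False}
            records[m["path"].lower()] = pending
    return list(records.values())


def triage(records):
    """Summarise every file the scanner did not accept."""
    findings = []
    by_md5 = defaultdict(list)
    for rec in records:
        if rec["legit"]:
            continue
        name = rec["path"].rsplit("\\", 1)[-1]
        findings.append(f"{name}: hash not accepted by the scanner")
        if "md5" in rec:
            by_md5[rec["md5"]].append(name)
            # Assumption: files in this section are Windows components, so a
            # non-Microsoft vendor string in the version info is worth noting.
            if "microsoft" not in rec["company"].lower():
                findings.append(f"{name}: version info names '{rec['company']}', not Microsoft")
    for md5, names in by_md5.items():
        if len({n.lower() for n in names}) > 1:
            findings.append(f"{', '.join(sorted(names))}: identical content (MD5 {md5})")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_file_check(FSS_FILE_CHECK)):
        print(finding)
```

The same size and MD5 on two differently named drivers means both paths hold the same file, so each one needs its own clean replacement.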

Re: Not able to Access sites anymore and will not load

Aha, two infected files. Now we need to find two clean ones.

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.

Code:

:filefind
ipsec.sys
afd.sys


Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt

Re: Not able to Access sites anymore and will not load

Not able to run this SystemLook. The only way I can download it is to a portable device. Can't do it by CD since CD part doesn't work either. When I try it by the device it will not run. I keep getting an error that says "script required".

Re: Not able to Access sites anymore and will not load

Lynangeel wrote:
Not able to run this SystemLook. The only way I can download it is to a portable device. Can't do it by CD since CD part doesn't work either. When I try it by the device it will not run. I keep getting an error that says "script required".

You should be able to download to a USB memory stick, transfer it to your desktop and then try to run it. I need to see where I can find a copy of those files.

Re: Not able to Access sites anymore and will not load

It downloads to the USB stick. I can put it on my desktop but when you click on look it says error "script required"

Re: Not able to Access sites anymore and will not load

Lynangeel wrote:
It downloads to the USB stick. I can put it on my desktop but when you click on look it says error "script required"

And, what happens then? Does it close?

Re: Not able to Access sites anymore and will not load

Nothing. Every time the script required box comes up you can't do anything, and when you close it the program is still up, but then you click the Look button again and it starts all over. Maybe it isn't downloading properly due to the fact that this other computer I am typing on is messed up as well. The other scans downloaded OK, it seemed.

Re: Not able to Access sites anymore and will not load

Please download and run Microsoft Safety Scanner. This will take about 20 minutes to run and will produce a log if your computer was infected. Please post the log. This scanner only has a shelf life of 10 days so you will need to download a new one if you want to run a scan after the trial period has expired.
***********************************************************
Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    FileLook::
    C:\WINDOWS\system32\Drivers\afd.sys
    C:\WINDOWS\system32\Drivers\ipsec.sys


  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

Re: Not able to Access sites anymore and will not load

Was not able to run Microsoft scanner first. Was getting a javascript void error.
Ran ComboFix first. Now able to run the other scan. Here are the results of the combo scan:
ComboFix 13-05-01.03 - Dell User 05/03/2013 11:27:25.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.445 [GMT -4:00]
Running from: c:\documents and settings\Dell User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell User\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\5C321E34.TMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Dell User\Desktop\EZ-Tracks.com.lnk
c:\documents and settings\Dell User\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2013-04-03 to 2013-05-03 )))))))))))))))))))))))))))))))
.
.
2013-05-03 14:51 . 2013-05-03 14:51 -------- d-----w- c:\documents and settings\Dell User\Application Data\Registry Kit
2013-05-03 14:41 . 2013-05-03 14:56 -------- d-----w- c:\program files\Registry Kit
2013-05-01 00:05 . 2013-05-01 00:08 -------- dc-h--w- c:\windows\ie8
2013-04-30 00:24 . 2013-04-30 00:24 -------- d-----w- c:\windows\ERUNT
2013-04-30 00:23 . 2013-04-30 00:23 -------- d-----w- C:\JRT
2013-04-29 02:06 . 2013-05-03 15:40 -------- d-----w- c:\windows\system32\CatRoot2
2013-04-29 01:02 . 2013-04-29 01:02 -------- d-----w- c:\documents and settings\Dell User\Local Settings\Application Data\Sun
2013-04-28 23:19 . 2013-04-28 23:19 -------- d-----w- C:\RegBackup
2013-04-28 03:18 . 2013-04-29 02:05 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-28 03:15 . 2013-04-28 03:15 -------- d-----w- c:\program files\Tweaking.com
2013-04-28 02:20 . 2008-04-13 21:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-04-28 02:19 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-04-28 02:19 . 2008-04-13 21:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-04-28 02:19 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-04-28 02:19 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-04-28 02:19 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2013-04-28 02:18 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-04-28 02:18 . 2004-08-04 02:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-04-28 02:18 . 2008-04-13 15:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-04-28 02:18 . 2004-08-04 02:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-04-28 02:18 . 2008-04-13 21:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2013-04-28 02:18 . 2008-04-13 15:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2013-04-28 02:18 . 2004-08-04 02:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-04-28 02:18 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-04-28 02:18 . 2008-04-14 00:11 156672 -c--a-w- c:\windows\system32\dllcache\OLD952.tmp
2013-04-28 02:18 . 2008-04-14 00:11 156672 -c--a-w- c:\windows\system32\dllcache\OLD94F.tmp
2013-04-28 02:18 . 2008-04-14 00:11 156672 -c--a-w- c:\windows\system32\dllcache\OLD94C.tmp
2013-04-28 02:16 . 2001-08-17 16:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2013-04-28 02:15 . 2001-08-17 17:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2013-04-28 02:15 . 2001-08-17 17:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2013-04-28 02:15 . 2001-08-17 17:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2013-04-28 02:15 . 2001-08-17 17:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2013-04-28 02:15 . 2001-08-17 17:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2013-04-28 02:15 . 2001-08-17 17:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2013-04-28 02:15 . 2001-08-17 17:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2013-04-28 02:15 . 2008-04-13 15:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2013-04-28 02:15 . 2008-04-13 15:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2013-04-28 02:15 . 2004-08-04 02:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2013-04-28 02:15 . 2008-04-14 00:11 76288 -c--a-w- c:\windows\system32\dllcache\OLD8DC.tmp
2013-04-28 02:15 . 2008-04-14 00:11 65024 -c--a-w- c:\windows\system32\dllcache\OLD8D9.tmp
2013-04-28 02:15 . 2001-08-18 02:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2013-04-28 02:13 . 2001-08-18 02:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2013-04-28 02:12 . 2004-08-04 10:00 455168 -c--a-w- c:\windows\system32\dllcache\OLD898.tmp
2013-04-28 02:11 . 2001-08-17 18:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2013-04-28 02:10 . 2001-08-17 17:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2013-04-28 02:10 . 2004-08-04 10:00 16896 -c--a-w- c:\windows\system32\dllcache\OLD850.tmp
2013-04-28 02:10 . 2001-08-17 16:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2013-04-28 02:10 . 2001-08-18 02:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2013-04-28 02:10 . 2004-08-04 10:00 101376 -c--a-w- c:\windows\system32\dllcache\OLD847.tmp
2013-04-28 02:10 . 2001-08-18 02:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2013-04-28 02:10 . 2001-08-17 17:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2013-04-28 02:10 . 2001-08-18 02:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2013-04-28 02:10 . 2001-08-17 18:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2013-04-28 02:10 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2013-04-28 02:10 . 2001-08-17 16:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2013-04-28 02:10 . 2001-08-18 02:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2013-04-28 02:08 . 2008-04-13 15:36 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2013-04-28 02:07 . 2001-08-17 18:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2013-04-28 02:07 . 2001-08-17 16:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2013-04-28 02:07 . 2001-08-17 18:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2013-04-28 02:07 . 2001-08-17 16:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2013-04-28 02:07 . 2004-08-04 10:00 18944 -c--a-w- c:\windows\system32\dllcache\OLD7B5.tmp
2013-04-28 02:07 . 2001-07-21 18:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2013-04-28 02:07 . 2001-07-21 18:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2013-04-28 02:07 . 2001-08-17 16:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2013-04-28 02:07 . 2001-08-18 02:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2013-04-28 02:07 . 2001-08-17 16:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2013-04-28 02:07 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2013-04-28 02:07 . 2001-08-17 17:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2013-04-28 02:05 . 2001-08-17 16:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2013-04-28 02:04 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2013-04-28 02:04 . 2001-08-17 16:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2013-04-28 02:04 . 2008-04-14 00:11 26112 -c--a-w- c:\windows\system32\dllcache\OLD757.tmp
2013-04-28 02:04 . 2008-04-13 15:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2013-04-28 02:04 . 2001-08-17 16:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2013-04-28 02:04 . 2001-08-18 02:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2013-04-28 02:04 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\OLD74E.tmp
2013-04-28 02:04 . 2004-08-04 10:00 14848 -c--a-w- c:\windows\system32\dllcache\OLD74A.tmp
2013-04-28 02:04 . 2001-08-17 17:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2013-04-28 02:04 . 2001-08-17 17:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2013-04-28 02:02 . 2001-08-18 02:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2013-04-28 02:01 . 2001-08-18 02:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2013-04-28 02:00 . 2001-08-18 02:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2013-04-28 01:59 . 2001-08-17 16:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2013-04-28 01:59 . 2001-08-18 02:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2013-04-28 01:59 . 2013-03-07 00:50 2070016 -c--a-w- c:\windows\system32\dllcache\OLD68B.tmp
2013-04-28 01:59 . 2001-08-18 05:36 38912 -c--a-w- c:\windows\system32\dllcache\OLD686.tmp
2013-04-28 01:59 . 2001-08-17 16:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2013-04-28 01:59 . 2001-08-17 17:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2013-04-28 01:59 . 2001-08-17 17:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2013-04-28 01:59 . 2008-04-13 15:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2013-04-28 01:59 . 2001-08-17 16:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2013-04-28 01:59 . 2001-08-17 16:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2013-04-28 01:59 . 2001-08-17 16:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2013-04-28 01:57 . 2001-08-17 16:11 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2013-04-28 01:57 . 2001-08-17 17:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2013-04-28 01:57 . 2001-08-18 02:36 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2013-04-28 01:57 . 2001-08-17 17:49 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2013-04-28 01:57 . 2001-08-18 02:36 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2013-04-28 01:57 . 2001-08-17 17:50 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2013-04-28 01:57 . 2004-08-04 10:00 229439 -c--a-w- c:\windows\system32\dllcache\OLD64A.tmp
2013-04-28 01:57 . 2001-08-17 16:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2013-04-28 01:57 . 2008-04-13 15:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2013-04-28 01:57 . 2008-04-13 15:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2013-04-28 01:57 . 2001-08-17 17:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-04-28 01:57 . 2001-08-17 18:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-04-28 01:56 . 2008-04-13 15:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-04-28 01:56 . 2004-08-04 10:00 1875968 -c--a-w- c:\windows\system32\dllcache\OLD639.tmp
2013-04-28 01:56 . 2004-08-04 10:00 98304 -c--a-w- c:\windows\system32\dllcache\OLD636.tmp
2013-04-28 01:56 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-04-28 01:56 . 2001-08-17 17:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-04-28 01:56 . 2008-04-13 15:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2013-04-28 01:56 . 2001-08-17 17:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2013-04-28 01:56 . 2008-04-13 15:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2013-04-28 01:56 . 2001-08-17 17:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2013-04-28 01:54 . 2001-08-17 16:49 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2013-04-28 01:53 . 2001-08-18 02:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2013-04-28 01:52 . 2008-04-13 21:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2013-04-28 01:51 . 2008-04-14 00:09 315455 -c--a-w- c:\windows\system32\dllcache\OLD527.tmp
2013-04-28 01:50 . 2001-08-18 02:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2013-04-28 01:49 . 2008-04-14 00:09 13463552 -c--a-w- c:\windows\system32\dllcache\OLD49D.tmp
2013-04-28 01:48 . 2001-08-17 17:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2013-04-28 01:47 . 2008-04-13 15:36 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2013-04-28 01:46 . 2001-08-17 16:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2013-04-28 01:45 . 2001-08-17 17:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-26 23:01 . 2008-11-22 14:26 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-26 23:01 . 2011-05-04 16:34 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-18 22:34 . 2012-04-07 22:44 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-18 22:34 . 2011-05-17 20:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2005-03-30 01:21 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2005-03-30 01:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 22:33 . 2012-01-19 00:31 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2010-10-25 02:44 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2010-10-25 02:44 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2010-10-25 02:44 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2010-10-25 02:44 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2010-10-25 02:44 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2010-10-25 02:44 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:06 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 10:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2008-04-21 18:47 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 10:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.

Re: Not able to Access sites anymore and will not load

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\Drivers\afd.sys ---
Company: Microsoft Corporation
File Description: Ancillary Function Driver for WinSock
File Version: 5.1.2600.6142 (xpsp_sp3_gdr.110817-1643)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: afd.sys
File size: 138496
Created time: 2004-08-04 10:00
Modified time: 2011-08-17 13:49
MD5: 1E44BC1E83D8FD2305F8D452DB109CF9
SHA1: 985C2F081D3CFD46692681EB7CF2A1A357EB9FB2
.
.
--- c:\windows\system32\Drivers\ipsec.sys ---
Company: Microsoft Corporation
File Description: IPSec Driver
File Version: 5.1.2600.5512 (xpsp.080413-0852)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ipsec.sys
File size: 75264
Created time: 2004-08-04 10:00
Modified time: 2008-04-13 19:19
MD5: 23C74D75E36E7158768DD63D92789A91
SHA1: 5C6DBEC1D047A3252E8FDAD3A240DDA073ACEFEC
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"cdloader"="c:\documents and settings\Dell User\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"Online Backup Auto Update"="c:\program files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2008-11-24 40960]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-03-06 4767304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\Dell User\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\Dell User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [4/26/2013 5:12 PM 49248]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [8/29/2011 1:40 AM 13496]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/27/2012 1:57 PM 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/18/2012 8:31 PM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/24/2010 10:44 PM 368176]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [8/6/2009 11:14 PM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [8/6/2009 11:12 PM 1195008]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [4/2/2013 11:14 PM 464256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/24/2010 10:44 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/26/2013 9:48 AM 66336]
R2 FilesystemWatcher;Filesystem Watcher;c:\program files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [9/2/2008 12:02 PM 24576]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [8/29/2011 1:39 AM 820568]
R2 OnlineBackupCommFrameworkService;Online Backup Communication Server;c:\program files\Verizon\Online Backup & Sharing\Communication\OnlineBackup.CommunicationFrameworkService.exe [11/24/2008 4:53 PM 20480]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [12/22/2011 4:34 PM 689464]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
R2 VaultProxy;DigiData Vault Proxy Service;c:\program files\Verizon\Online Backup & Sharing\DigiData.Vault.VaultExplorer.Service.exe [11/21/2008 1:07 PM 16384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [8/6/2009 11:12 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [8/6/2009 11:14 PM 257432]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [1/23/2009 11:14 PM 402944]
S0 Lbd;Lbd; [x]
S2 OnlineBackupSchedulerService;Online Backup Scheduler; [x]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [4/26/2013 5:12 PM 164736]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/27/2013 9:25 PM 35144]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [4/27/2013 11:18 PM 181064]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [8/29/2011 1:39 AM 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [8/29/2011 1:39 AM 16080]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [8/29/2011 1:39 AM 239600]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:34]
.
2013-05-03 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-04-03 00:33]
.
2013-05-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-30 22:32]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 21:12]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 21:12]
.
2013-05-03 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-08-29 00:19]
.
2013-05-03 c:\windows\Tasks\User_Feed_Synchronization-{36DA956C-FD18-42D8-89F3-9B2AE761A6E3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.

Re: Not able to Access sites anymore and will not load

------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-03 11:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\NavLogon.dll
.
- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Verizon\Online Backup & Sharing\DigiData.Vault.VaultExplorer.dll
c:\program files\Verizon\Online Backup & Sharing\LogicNP.EZNamespaceExtensions.dll
c:\windows\assembly\GAC_MSIL\DigiData.Vault.Proxy\1.4.0.0__9020972b7d9d3317\DigiData.Vault.Proxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-05-03 11:49:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-03 15:49
ComboFix2.txt 2010-07-05 21:16
.
Pre-Run: 463,269,400,576 bytes free
Post-Run: 463,380,836,352 bytes free
.
- - End Of File - - 5FB6409F193D68579912864069489E98

Re: Not able to Access sites anymore and will not load

Download FileFind by Atribune

  • Unzip the file and save it to your desktop.
  • Double-click on FileFind.exe
  • In the box labeled "Enter the directory to search" type C:\ (note: if your default Windows boot drive is not drive C, substitute your drive letter).
  • In the box labeled "Enter the file to search" type C:\WINDOWS\system32\Drivers\afd.sys
  • Click on the Find button.
  • Once the utility has found the files, click on Export. This will save a text file to your C:\ drive (or your default Windows drive) as Export.txt.

Add the C:\Export.txt log to your next message.
***********************************************
Also please do a search for this file: C:\WINDOWS\system32\Drivers\ipsec.sys

Re: Not able to Access sites anymore and will not load

Nothing to export. It says that 0 files were found in 7364 directories.

Re: Not able to Access sites anymore and will not load

Please try to run SystemLook on page 2 again. If that doesn't work, please try this scanner below.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: Not able to Access sites anymore and will not load

The computer with the two infected files I am not able to get online. This virus remover that you suggested I run I am not able to download. I tried downloading it to a memory stick but the one I have doesn't have enough space I guess. There is nothing on it but it keeps saying too full.

Re: Not able to Access sites anymore and will not load

I tried downloading it to a memory stick but the one I have doesn't have enough space I guess. There is nothing on it but it keeps saying too full.

You could use a CD-RW which is re-writable.

Please run the Farbar Service Scanner found on page 2 and post the log again.

Re: Not able to Access sites anymore and will not load

Farbar Service Scanner Version: 14-04-2013
Ran by LYNDA (administrator) on 17-05-2013 at 20:40:13
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors

Re: Not able to Access sites anymore and will not load

Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

Re: Not able to Access sites anymore and will not load

MiniToolBox by Farbar Version:21-04-2013
Ran by LYNDA (administrator) on 28-05-2013 at 10:37:23
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 2,


========================= Event log errors: ===============================

Application errors:
==================
Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/07/2013 09:05:13 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/04/2013 00:46:35 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory


System errors:
=============
Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:29 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:29 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/07/2013 09:05:13 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/04/2013 00:46:35 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 1014.07 MB
Available physical RAM: 542.33 MB
Total Pagefile: 2442.29 MB
Available Pagefile: 1865.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.24 GB) (Free:21.53 GB) NTFS
4 Drive f: (PHONE) (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT
5 Drive g: (USB DISK) (Removable) (Total:0.48 GB) (Free:0.05 GB) FAT

========================= Users: ========================================

User accounts for \\GENERAL1

Administrator Guest HelpAssistant
LYNDA SUPPORT_388945a0


**** End of log ****

Re: Not able to Access sites anymore and will not load

I realize that we've already tried this but please try it again. We need to find a clean file to replace the one that is infected.

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.

Code:

:filefind
afd.sys


Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
