File recovery rogue scanner infection

Solved
By CanHazTrojanz?
Sep 1, 2012
  1. Broni

    Broni Malware Annihilator Posts: 45,296   +243

    Yes, run it anyway.
  2. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    OK, TDSS found no threats. Here is the aswMBR log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-07 20:33:46
    -----------------------------
    20:33:46.534 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:33:46.534 Number of processors: 2 586 0x602
    20:33:46.534 ComputerName: IDHUSSEYS-PC UserName: IdHusseys
    20:33:47.455 Initialize success
    20:33:58.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:33:58.952 Disk 0 Vendor: WDC_WD2500BEKT-60V5T1 12.01A12 Size: 238475MB BusType: 11
    20:33:58.952 Disk 0 MBR read successfully
    20:33:58.952 Disk 0 MBR scan
    20:33:58.952 Disk 0 Windows 7 default MBR code
    20:33:58.967 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    20:33:58.967 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224323 MB offset 409600
    20:33:58.999 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13848 MB offset 459823104
    20:33:59.014 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
    20:33:59.045 Disk 0 scanning C:\Windows\system32\drivers
    20:34:07.781 Service scanning
    20:34:20.729 Modules scanning
    20:34:20.729 Disk 0 trace - called modules:
    20:34:20.761 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    20:34:20.776 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003126060]
    20:34:20.776 3 CLASSPNP.SYS[fffff8800106e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80030cb060]
    20:34:20.776 Scan finished successfully
    20:34:58.700 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
    20:34:58.715 The log file has been saved successfully to "H:\aswMBR.txt"
  3. Broni

    Very good :)

    It looks like we fixed the main issue - infected MBR.

    Let's see about your internet connection.

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  4. CanHazTrojanz?

    Farbar Service Scanner Version: 06-08-2012
    Ran by IdHusseys (administrator) on 07-09-2012 at 20:45:44
    Running from "C:\Users\IdHusseys\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
  5. Broni

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (do NOT change any settings)
    • List Users, Partitions and Memory size
    Click Go and post the result.
  6. CanHazTrojanz?

    MiniToolBox by Farbar Version: 23-07-2012
    Ran by IdHusseys (administrator) on 07-09-2012 at 20:53:30
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************
    ========================= IE Proxy Settings: ==============================
    Proxy is not enabled.
    No Proxy Server is set.
    ========================= FF Proxy Settings: ==============================
    ========================= Hosts content: =================================
    127.0.0.1 localhost
    ========================= IP Configuration: ================================
    Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
    Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
    TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4
    reset
    set global
    set interface interface="Local Area Connection" forwarding=enabled advertise=enabled metric=100 nud=enabled
    set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled metric=100 nud=enabled

    popd
    # End of IPv4 configuration

    Windows IP Configuration
    Host Name . . . . . . . . . . . . : IdHusseys-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Mixed
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    Ethernet adapter Local Area Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : TAP-Win32 Adapter V9
    Physical Address. . . . . . . . . : 00-FF-6D-68-D9-29
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Wireless LAN adapter Wireless Network Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
    Physical Address. . . . . . . . . : 90-4C-E5-47-C6-00
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::bc4f:c5c:6bf5:ad04%12(Preferred)
    Autoconfiguration IPv4 Address. . : 169.254.173.4(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DHCPv6 IAID . . . . . . . . . . . : 328223973
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-C0-E8-D9-00-26-9E-C3-6D-40
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
    Physical Address. . . . . . . . . : 00-26-9E-C3-6D-40
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{CF0CB9F8-FA84-4B47-A1C1-735CF549A63D}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{6D68D929-6D09-4228-BF0D-F084C0AC3907}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 14:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: UnKnown
    Address: fec0:0:0:ffff::1
    Ping request could not find host google.com. Please check the name and try again.
    Server: UnKnown
    Address: fec0:0:0:ffff::1
    Ping request could not find host yahoo.com. Please check the name and try again.
    Server: UnKnown
    Address: fec0:0:0:ffff::1
    Ping request could not find host bleepingcomputer.com. Please check the name and try again.
    Pinging with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Ping statistics for }‹ns_˜˜˜Iö :
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    20...00 ff 6d 68 d9 29 ......TAP-Win32 Adapter V9
    12...90 4c e5 47 c6 00 ......Atheros AR9285 802.11b/g/n WiFi Adapter
    10...00 26 9e c3 6d 40 ......Realtek PCIe FE Family Controller
    1...........................Software Loopback Interface 1
    21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    169.254.0.0 255.255.0.0 On-link 169.254.173.4 356
    169.254.173.4 255.255.255.255 On-link 169.254.173.4 356
    169.254.255.255 255.255.255.255 On-link 169.254.173.4 356
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 169.254.173.4 356
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 169.254.173.4 356
    ===========================================================================
    Persistent Routes:
    None
    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    12 281 fe80::/64 On-link
    12 281 fe80::bc4f:c5c:6bf5:ad04/128
    On-link
    1 306 ff00::/8 On-link
    12 281 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================
    Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 21 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 22 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 23 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 24 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 25 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 26 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 27 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 28 C:\Windows\SysWOW64\rsvpsp.dll [File Not found] ()
    Catalog9 29 C:\Windows\SysWOW64\rsvpsp.dll [File Not found] ()
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
    ========================= Event log errors: ===============================
    Application errors:
    ==================
    Error: (09/07/2012 08:12:48 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/07/2012 08:08:37 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/07/2012 07:29:54 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 11:38:48 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 11:08:27 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 11:05:03 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 11:02:10 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 10:55:53 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 10:11:37 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 10:06:23 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10044Initialize call failed, bailing out

    System errors:
    =============
    Error: (09/07/2012 08:28:29 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044
    Error: (09/07/2012 08:28:23 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044
    Error: (09/07/2012 08:28:21 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044
    Error: (09/07/2012 08:27:38 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044
    Error: (09/07/2012 08:27:22 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044
    Error: (09/07/2012 08:26:20 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044
    Error: (09/07/2012 08:26:14 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044
    Error: (09/07/2012 08:26:14 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044
    Error: (09/07/2012 08:26:12 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044
    Error: (09/07/2012 08:24:54 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044

    Microsoft Office Sessions:
    =========================
    Error: (09/07/2012 08:12:48 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/07/2012 08:08:37 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/07/2012 07:29:54 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 11:38:48 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 11:08:27 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 11:05:03 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 11:02:10 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 10:55:53 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 10:11:37 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10044Initialize call failed, bailing out
    Error: (09/06/2012 10:06:23 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10044Initialize call failed, bailing out

    ========================= Devices: ================================

    ========================= Memory info: ===================================
    Percentage of memory in use: 36%
    Total physical RAM: 2812.2 MB
    Available physical RAM: 1773.73 MB
    Total Pagefile: 5622.59 MB
    Available Pagefile: 4450.05 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3968.65 MB
    ========================= Partitions: =====================================
    1 Drive c: () (Fixed) (Total:219.07 GB) (Free:149.45 GB) NTFS
    2 Drive d: (RECOVERY) (Fixed) (Total:13.52 GB) (Free:2.24 GB) NTFS
    3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.36 GB) FAT32
    ========================= Users: ========================================
    User accounts for \\IDHUSSEYS-PC
    Administrator Guest IdHusseys

    **** End of log ****
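
A way to triage the MiniToolBox output above mechanically, as an added example that is not part of the original thread or of MiniToolBox: it flags the self-assigned 169.254.x.x address, the empty default gateway, DNS servers in the site-local fec0::/10 range, Winsock catalog entries whose file is missing, and Winsock error codes in event text (10044 is WSAESOCKTNOSUPPORT). The function names and the embedded sample, constructed from lines of that log, are this example's own.

```python
import ipaddress
import re

# Constructed sample: a handful of lines in the layout of the log above.
SAMPLE_LOG = r"""
Autoconfiguration IPv4 Address. . : 169.254.173.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog9 27 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\SysWOW64\rsvpsp.dll [File Not found] ()
Description: Schedule error: 10044Initialize call failed, bailing out
%%10044
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")     # self-assigned when DHCP fails
SITE_LOCAL_V6 = ipaddress.ip_network("fec0::/10")  # deprecated site-local range

# "Key . . . . : value" lines in the ipconfig section.
IPCONFIG_LINE = re.compile(r"^\s*(?P<key>.*?)(?:\s*\.)+\s*:\s*(?P<value>.*)$")
# "Catalog9 28 <path> [<size> or File Not found] (<vendor>)"
WINSOCK_LINE = re.compile(
    r"^\s*(?P<catalog>(?:x64-)?Catalog\d+) (?P<index>\d+) (?P<path>.+?) "
    r"\[(?P<size>[^\]]*)\] \((?P<vendor>.*)\)\s*$"
)
FIVE_DIGITS = re.compile(r"(?<!\d)\d{5}(?!\d)")
# Winsock error codes as documented for Win32.
WINSOCK_ERRORS = {
    10043: "WSAEPROTONOSUPPORT",
    10044: "WSAESOCKTNOSUPPORT",
    10047: "WSAEAFNOSUPPORT",
}


def parse_address(text):
    """Parse '1.2.3.4(Preferred)' or 'fe80::1%12'; return None if not an IP."""
    cleaned = text.split("(")[0].split("%")[0].strip()
    try:
        return ipaddress.ip_address(cleaned)
    except ValueError:
        return None


def triage(log_text):
    """Return a dict of connectivity findings for MiniToolBox-style text."""
    findings = {
        "apipa": [], "empty_gateway": False, "site_local_dns": [],
        "missing_providers": [], "winsock_errors": {},
    }
    in_dns_list = False  # True while reading the multi-line DNS Servers value
    for line in log_text.splitlines():
        entry = WINSOCK_LINE.match(line)
        if entry:
            in_dns_list = False
            if entry["size"].strip().lower() == "file not found":
                findings["missing_providers"].append(
                    (entry["catalog"], int(entry["index"]), entry["path"]))
            continue
        field = IPCONFIG_LINE.match(line)
        if field:
            key, value = field["key"].strip(), field["value"].strip()
            addr = parse_address(value)
            in_dns_list = key == "DNS Servers"
            if key == "Default Gateway" and not value:
                findings["empty_gateway"] = True
            elif "IPv4 Address" in key and addr is not None and addr in APIPA:
                findings["apipa"].append(str(addr))
        else:
            # A bare address right after "DNS Servers" continues that list.
            addr = parse_address(line) if in_dns_list else None
            in_dns_list = addr is not None
            for code in FIVE_DIGITS.findall(line):
                if int(code) in WINSOCK_ERRORS:
                    counts = findings["winsock_errors"]
                    counts[int(code)] = counts.get(int(code), 0) + 1
        if in_dns_list and addr is not None and addr in SITE_LOCAL_V6:
            findings["site_local_dns"].append(str(addr))
    return findings


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```
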
  7. Broni

    Make sure your settings are correct.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
    6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
    7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
    [​IMG]
    Make sure "DNS" tab looks like this:
    [​IMG]
    Make sure "WINS" tab looks like this:
    [​IMG]
    8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
    If you made any changes OK your way out.
    Restart computer.


    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
  8. CanHazTrojanz?

    Everything was fine except my LAN settings...so I checked that box. Then the troubleshooter for my WLAN (HP assistant) said:

    "Problems found

    Windows could not automatically detect this network's proxy settings."

    Trying your other solutions.
  9. Broni

    Go on...
  10. CanHazTrojanz?

    I skipped over the "directly connect to the internet/bypass modem" because my daughter is doing some college homework and gave me the evil eye last time I kicked her off, I'll come back to that if the rest doesn't work.

    So I went ahead with the CMD window.

    At the ipconfig /release the following error occurred:

    Windows IP Configuration

    No operation can be performed on Local Area Connection 2 while it has its media disconnected.
    An error occurred while releasing interface Wireless Network Connection : An address has not yet been associated with the network endpoint.

    No operation can be performed on Local Area Connection 2 while it has its media disconnected.

    Similarly at the ipconfig /renew command:

    Windows IP Configuration

    No operation can be performed on Local Area Connection 2 while it has its media disconnected.
    An error occurred while renewing interface Wireless Network Connection : The support for the specified socket type does not exist in this address family.

    No operation can be performed on Local Area Connection 2 while it has its media disconnected.

    Restarted and the WLAN troubleshooter says:

    Problems found

    Windows could not automatically detect this network's proxy settings.
  11. CanHazTrojanz?

    So I still have to circle back to trying a direct connection to the internet, bypassing the modem, but the final solution had a funny error:

    When I tried the "netsh int ip reset reset.log" it was "OK! OK! Restart the computer..."

    Then (before resetting) I did the netsh winsock reset catalog, and:

    Access is denied

    So I restarted, checked to see if I had a connection and still don't. Then ran the troubleshooter and it's still saying "Windows could not automatically detect this network's proxy settings" - and I still have "ghost" files (they're transparent on the desktop, hidden).

    Going to try a direct connection to the internet now, despite my daughter's evil eye.
  12. Broni

    Go on...
  13. CanHazTrojanz?

    I did connect directly to the internet via ethernet cable. Rebooted, re-ran troubleshooter since it didn't connect to the internet. Same error.

    Also, earlier from the CMD window, the "log" said it would be ready in 15 minutes (error log). Not sure if you want that or how to fetch it?
     
  14. Broni

    So you can connect while hardwired but not wirelessly?

    If so, try to reinstall the wireless adapter driver.
  15. CanHazTrojanz?

    I cannot connect either way.
  16. CanHazTrojanz?

    Would I simply go to the manufacturer's site and try to download the driver there, onto the thumb drive?
  17. Broni

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [​IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [​IMG]


    Go to Start Repairs tab and click Start button.

    [​IMG]


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start.
  18. CanHazTrojanz?

    OK, onto step 3 and was told it would "take some time" by the program. Will post when I'm done. Thanks.
  19. CanHazTrojanz?

    On the final step, watching it work - a LOT of "Failed" warnings, am I supposed to upload a log or anything? (It's still working presently, repair job 2 of 12.)
  20. CanHazTrojanz?

    Ran it, and it couldn't fix a lot of errors from what I was watching when it was running. But it restarted, and I still can't connect to the internet, and still have "Access Denied" files on the C: drive (Config.Msi, Documents and Settings, Recovery, System Volume Information).
  21. Broni

    It looks like your Windows installation is seriously corrupted.

    I think we may be facing Windows reinstallation.
  22. CanHazTrojanz?

    OK not ideal, I'm assuming I'll lose my current files? Not that it's your fault, but that's months of work down the drain and all my backup files for my websites...

    Would it help if I did the FRST scan using a 64-bit Windows 7 disc? I managed to get one from my brother.
  23. Broni

    You have to back up your files first, but since you got a 64-bit disk, give me a new FRST log.
  24. CanHazTrojanz?

    Farbar Recovery Scan Tool (x64) Version: 05-09-2012
    Ran by SYSTEM at 2012-09-08 14:02:21
    Running from H:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\ERDNT\cache64\services.exe
    [2011-06-16 12:35] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======

    Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012
    Ran by SYSTEM at 08-09-2012 14:00:35
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
    HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1860496 2011-04-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe" [3149704 2012-08-29] (GFI Software)
    HKU\IdHusseys\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-03-19] (Hewlett-Packard Company)
    HKU\IdHusseys\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17145992 2012-02-15] (Skype Technologies S.A.)
    HKU\IdHusseys\...\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov)
    Startup: C:\Users\IdHusseys\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\IdHusseys\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    ==================== Services ====================
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    3 OpenVPNService; "C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe" [36352 2011-07-13] ()
    2 SBAMSvc; "C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe" [3677000 2012-08-29] (GFI Software)
    2 SBPIMSvc; "C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe" [175496 2012-08-29] (GFI Software)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
    3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [x]
    ==================== Drivers =================================
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
    3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
    ==================== NetSvcs (Whitelisted) =================

    ==================== One Month Created Files and Folders ======================
    2012-09-07 21:52 - 2012-09-07 21:52 - 00092928 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2012-09-07 21:49 - 2012-09-08 11:57 - 00131072 ____A C:\Windows\System32\Ikeext.etl
    2012-09-07 21:44 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-09-07 21:31 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-09-07 21:04 - 2012-09-07 21:04 - 00003304 ____N C:\bootsqm.dat
    2012-09-07 20:56 - 2012-09-07 21:48 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-09-07 20:55 - 2012-09-07 20:55 - 00002251 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2012-09-07 20:55 - 2012-09-07 20:55 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2012-09-07 20:55 - 2012-09-07 20:54 - 05313275 ____A C:\Users\IdHusseys\Desktop\tweaking.com_windows_repair_aio_setup.exe
    2012-09-07 19:33 - 2012-09-08 14:00 - 00000000 ____D C:\FRST
    2012-09-04 16:00 - 2012-09-04 16:02 - 00000000 ___SD C:\32788R22FWJFW
    2012-09-03 23:10 - 2012-09-03 23:10 - 00021485 ____A C:\ComboFix.txt
    2012-09-03 21:15 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-09-03 21:15 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-09-03 21:15 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-09-03 21:14 - 2012-09-03 23:10 - 00000000 ____D C:\ComboFix
    2012-09-03 21:13 - 2012-09-03 23:10 - 00000000 ____D C:\Qoobox
    2012-09-03 12:09 - 2012-09-03 12:09 - 02193345 ____A C:\Users\IdHusseys\Downloads\tdsskiller.zip
    2012-09-02 12:16 - 2012-09-02 12:18 - 00000000 ____D C:\Users\IdHusseys\Desktop\RK_Quarantine
    2012-09-01 17:49 - 2012-09-01 19:48 - 00607260 ____A (Swearware) C:\Users\IdHusseys\Desktop\dds.com
    2012-09-01 04:26 - 2012-09-01 04:26 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 04:26 - 2012-09-01 04:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-31 23:27 - 2012-08-31 23:27 - 00001975 ____A C:\Users\Public\Desktop\VIPRE.lnk
    2012-08-31 22:47 - 2012-08-31 22:47 - 00184231 ____A C:\Users\IdHusseys\Downloads\12-7-11_fakereanfix.zip
    2012-08-31 16:19 - 2012-08-31 16:19 - 00000093 ____A C:\Users\IdHusseys\AppData\Roaming\netstat.bat
    2012-08-31 13:57 - 2012-08-31 13:57 - 00058080 ____A C:\Users\IdHusseys\Desktop\Affmagic_08_29_2012.zip
    2012-08-30 22:39 - 2012-08-30 22:38 - 00080549 ____A C:\Users\IdHusseys\Desktop\lv.htm
    2012-08-30 20:12 - 2012-08-30 22:49 - 00001066 ____A C:\Users\IdHusseys\Desktop\Duct Tape SEO V2 2012 CopyCat SEO.txt
    2012-08-29 15:41 - 2012-08-29 15:41 - 00047496 ____A (GFI Software) C:\Windows\SysWOW64\sbbd.exe
    2012-08-29 14:28 - 2012-08-31 16:48 - 00000000 ____D C:\Users\IdHusseys\Downloads\www.curadebt.com (DTOX, 2012-08-29) - LinkResearchTools - OVERVIEW Percentages_files
    2012-08-29 14:28 - 2012-08-29 14:28 - 00282691 ___AH C:\Users\IdHusseys\Downloads\www.curadebt.com (DTOX, 2012-08-29) - LinkResearchTools - OVERVIEW Percentages.htm
    2012-08-27 20:46 - 2012-09-03 22:04 - 00000940 ____A C:\Windows\PFRO.log
    2012-08-27 14:52 - 2012-08-27 14:52 - 00000915 ____A C:\Users\IdHusseys\Desktop\Xenu.lnk
    2012-08-27 14:35 - 2012-08-27 14:36 - 00000308 ____A C:\Users\IdHusseys\Desktop\TO DO ON YOUR SITES.txt
    2012-08-26 17:25 - 2012-08-27 19:34 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-26 11:26 - 2012-08-26 11:26 - 00086816 ____A (GFI Software) C:\Windows\System32\Drivers\sbwtis.sys
    2012-08-25 02:21 - 2012-08-25 02:22 - 14690376 ____A (LastPass) C:\Users\IdHusseys\Downloads\lastpass_x64 (1).exe
    2012-08-25 02:20 - 2012-08-25 02:20 - 00002392 ____A C:\Users\IdHusseys\Desktop\Google Chrome.lnk
    2012-08-25 02:19 - 2012-09-03 17:44 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000UA.job
    2012-08-25 02:19 - 2012-09-01 02:34 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000Core.job
    2012-08-24 22:57 - 2012-08-30 03:28 - 00000000 ___HD C:\Users\IdHusseys\Documents\Magic Rank Tracker Reports
    2012-08-23 21:34 - 2012-08-23 21:34 - 14790243 ____A (Jayson Yanuaria ) C:\Program Files (x86)\SERPAttacks_Video.exe
    2012-08-23 21:22 - 2012-08-31 16:51 - 00000000 ____D C:\Program Files (x86)\Market Samurai
    2012-08-23 21:22 - 2012-08-31 16:37 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2012-08-23 21:22 - 2012-08-31 16:37 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2012-08-23 19:36 - 2012-08-23 19:39 - 20348849 ____A C:\Program Files (x86)\Sun_ODF_Template_Pack2_en-US.oxt
    2012-08-23 19:32 - 2012-08-23 19:38 - 135933721 ____A C:\Program Files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
    2012-08-22 16:56 - 2012-08-22 16:56 - 00001948 ____A C:\Users\Public\Desktop\A1 Keyword Research 4.lnk
    2012-08-22 01:05 - 2012-08-22 01:05 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-22 01:05 - 2012-08-22 01:05 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-22 00:09 - 2012-08-22 00:10 - 00000929 ____A C:\Users\IdHusseys\Desktop\LYNX.lnk
    2012-08-22 00:08 - 2012-08-31 16:51 - 00000000 ____D C:\lynx_w32
    2012-08-21 21:10 - 2012-08-31 16:52 - 00000000 ____D C:\Users\IdHusseys\Desktop\lynx2-8-7
    2012-08-20 02:38 - 2012-09-08 11:56 - 00003874 ____A C:\Windows\setupact.log
    2012-08-20 02:38 - 2012-08-20 02:38 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-16 11:13 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-16 11:13 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-16 11:13 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-16 11:13 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-16 11:13 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-16 11:13 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-16 11:13 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-16 11:13 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-16 11:13 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-16 11:13 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-16 11:13 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-16 11:13 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-16 11:13 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-16 11:13 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-16 11:13 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-16 11:13 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-16 11:13 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-16 11:13 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-16 11:13 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-16 11:13 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-16 11:13 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-16 11:13 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-16 11:13 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-16 11:13 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-16 11:13 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-16 11:13 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-16 11:13 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-16 11:13 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-15 10:28 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-15 10:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-15 10:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-15 10:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-15 10:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-15 10:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-15 10:28 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-15 10:28 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-15 10:28 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-15 10:28 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-15 10:28 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-15 10:28 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-15 10:28 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-08-14 14:24 - 2012-08-23 13:23 - 15428440 ____A (Adobe Systems Inc.) C:\Program Files (x86)\AdobeAIRInstaller.exe
    2012-08-14 13:49 - 2012-08-14 13:49 - 00000000 ___HD C:\Users\IdHusseys\AppData\Local\{136E17CE-9D8C-4576-B5FB-9FD9476CEE7D}
    2012-08-13 11:53 - 2012-08-13 11:54 - 00000000 ___HD C:\Users\IdHusseys\AppData\Local\{22CFA543-8BC0-487D-B925-78E6564E6786}
    2012-08-11 13:18 - 2012-08-31 16:39 - 00000000 ____D C:\Users\IdHusseys\Documents\Microsys
    2012-08-11 13:18 - 2012-08-22 16:56 - 00000000 ___HD C:\Users\IdHusseys\AppData\Roaming\Microsys
    2012-08-11 13:18 - 2012-08-11 13:18 - 00001957 ____A C:\Users\Public\Desktop\A1 Website Analyzer 4.lnk
    2012-08-11 13:17 - 2012-08-31 16:33 - 00000000 ____D C:\Program Files\Microsys
    2012-08-09 12:55 - 1997-06-06 13:52 - 00011264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL

    ==================== 3 Months Modified Files ================================
    2012-09-08 11:57 - 2012-09-07 21:49 - 00131072 ____A C:\Windows\System32\Ikeext.etl
    2012-09-08 11:57 - 2009-07-13 21:08 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-08 11:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-08 11:57 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-08 11:57 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-08 11:56 - 2012-08-20 02:38 - 00003874 ____A C:\Windows\setupact.log
    2012-09-08 11:56 - 2009-12-21 00:30 - 01827493 ____A C:\Windows\WindowsUpdate.log
    2012-09-07 21:57 - 2009-07-13 21:13 - 00782480 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-07 21:52 - 2012-09-07 21:52 - 00092928 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-09-07 21:52 - 2012-09-07 21:52 - 00092928 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2012-09-07 21:49 - 2009-07-13 20:45 - 00377688 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-07 21:48 - 2012-09-07 20:56 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-09-07 21:46 - 2010-06-06 13:21 - 00782480 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-09-07 21:04 - 2012-09-07 21:04 - 00003304 ____N C:\bootsqm.dat
    2012-09-07 20:55 - 2012-09-07 20:55 - 00002251 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2012-09-07 20:54 - 2012-09-07 20:55 - 05313275 ____A C:\Users\IdHusseys\Desktop\tweaking.com_windows_repair_aio_setup.exe
    2012-09-03 23:10 - 2012-09-03 23:10 - 00021485 ____A C:\ComboFix.txt
    2012-09-03 22:50 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-09-03 22:04 - 2012-08-27 20:46 - 00000940 ____A C:\Windows\PFRO.log
    2012-09-03 17:44 - 2012-08-25 02:19 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000UA.job
    2012-09-03 12:09 - 2012-09-03 12:09 - 02193345 ____A C:\Users\IdHusseys\Downloads\tdsskiller.zip
    2012-09-01 19:48 - 2012-09-01 17:49 - 00607260 ____A (Swearware) C:\Users\IdHusseys\Desktop\dds.com
    2012-09-01 04:26 - 2012-09-01 04:26 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 02:34 - 2012-08-25 02:19 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000Core.job
    2012-08-31 23:27 - 2012-08-31 23:27 - 00001975 ____A C:\Users\Public\Desktop\VIPRE.lnk
    2012-08-31 22:47 - 2012-08-31 22:47 - 00184231 ____A C:\Users\IdHusseys\Downloads\12-7-11_fakereanfix.zip
    2012-08-31 16:19 - 2012-08-31 16:19 - 00000093 ____A C:\Users\IdHusseys\AppData\Roaming\netstat.bat
    2012-08-31 13:57 - 2012-08-31 13:57 - 00058080 ____A C:\Users\IdHusseys\Desktop\Affmagic_08_29_2012.zip
    2012-08-30 22:49 - 2012-08-30 20:12 - 00001066 ____A C:\Users\IdHusseys\Desktop\Duct Tape SEO V2 2012 CopyCat SEO.txt
    2012-08-30 22:38 - 2012-08-30 22:39 - 00080549 ____A C:\Users\IdHusseys\Desktop\lv.htm
    2012-08-29 15:41 - 2012-08-29 15:41 - 00047496 ____A (GFI Software) C:\Windows\SysWOW64\sbbd.exe
    2012-08-29 15:41 - 2010-04-17 08:15 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
    2012-08-29 14:28 - 2012-08-29 14:28 - 00282691 ___AH C:\Users\IdHusseys\Downloads\www.curadebt.com (DTOX, 2012-08-29) - LinkResearchTools - OVERVIEW Percentages.htm
    2012-08-27 19:34 - 2012-08-26 17:25 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-27 19:34 - 2011-10-21 16:50 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-08-27 14:52 - 2012-08-27 14:52 - 00000915 ____A C:\Users\IdHusseys\Desktop\Xenu.lnk
    2012-08-27 14:36 - 2012-08-27 14:35 - 00000308 ____A C:\Users\IdHusseys\Desktop\TO DO ON YOUR SITES.txt
    2012-08-26 11:26 - 2012-08-26 11:26 - 00086816 ____A (GFI Software) C:\Windows\System32\Drivers\sbwtis.sys
    2012-08-25 18:31 - 2010-07-15 11:12 - 00579257 ____A C:\Users\IdHusseys\.ranktracker.properties
    2012-08-25 02:51 - 2011-07-06 11:37 - 00001192 ____A C:\Users\Public\Desktop\My LastPass Vault.lnk
    2012-08-25 02:22 - 2012-08-25 02:21 - 14690376 ____A (LastPass) C:\Users\IdHusseys\Downloads\lastpass_x64 (1).exe
    2012-08-25 02:20 - 2012-08-25 02:20 - 00002392 ____A C:\Users\IdHusseys\Desktop\Google Chrome.lnk
    2012-08-24 14:38 - 2010-07-24 14:55 - 04159475 ____A C:\Users\IdHusseys\.websiteauditor.properties
    2012-08-24 01:02 - 2012-06-17 17:22 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-08-24 01:02 - 2010-04-15 20:03 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-08-23 21:34 - 2012-08-23 21:34 - 14790243 ____A (Jayson Yanuaria ) C:\Program Files (x86)\SERPAttacks_Video.exe
    2012-08-23 21:31 - 2010-04-10 12:39 - 00092928 ___AH C:\Users\IdHusseys\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-23 19:39 - 2012-08-23 19:36 - 20348849 ____A C:\Program Files (x86)\Sun_ODF_Template_Pack2_en-US.oxt
    2012-08-23 19:38 - 2012-08-23 19:32 - 135933721 ____A C:\Program Files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
    2012-08-23 15:24 - 2011-04-19 14:42 - 00165516 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-08-23 13:23 - 2012-08-14 14:24 - 15428440 ____A (Adobe Systems Inc.) C:\Program Files (x86)\AdobeAIRInstaller.exe
    2012-08-22 16:56 - 2012-08-22 16:56 - 00001948 ____A C:\Users\Public\Desktop\A1 Keyword Research 4.lnk
    2012-08-22 01:05 - 2012-08-22 01:05 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-22 01:05 - 2012-08-22 01:05 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-22 00:10 - 2012-08-22 00:09 - 00000929 ____A C:\Users\IdHusseys\Desktop\LYNX.lnk
    2012-08-20 02:38 - 2012-08-20 02:38 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-20 02:37 - 2012-03-07 02:20 - 00000498 ____A C:\Windows\SysWOW64\CountScans.XML
    2012-08-20 02:31 - 2011-01-17 23:49 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-08-16 14:46 - 2010-07-15 23:27 - 00532409 ____A C:\Users\IdHusseys\.linkassistant.properties
    2012-08-16 11:07 - 2010-04-11 14:46 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-12 14:58 - 2010-10-12 08:19 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForIdHusseys.job
    2012-08-11 13:18 - 2012-08-11 13:18 - 00001957 ____A C:\Users\Public\Desktop\A1 Website Analyzer 4.lnk
    2012-08-02 15:31 - 2010-07-25 23:05 - 00638358 ____A C:\Users\IdHusseys\.spyglass.properties
    2012-08-01 18:33 - 2012-08-01 18:33 - 00005477 ___AH C:\Users\IdHusseys\.recently-used.xbel
    2012-08-01 12:36 - 2012-08-01 12:36 - 00082872 ____A (GFI Software) C:\Windows\System32\Drivers\sbapifs.sys
    2012-07-18 10:15 - 2012-08-15 10:28 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-09 18:15 - 2012-07-09 17:34 - 00000131 ____A C:\Users\IdHusseys\Desktop\Job Search Passwords.txt
    2012-07-04 14:16 - 2012-08-15 10:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-15 10:28 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-15 10:28 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-15 10:28 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 10:28 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-06-28 20:55 - 2012-08-16 11:13 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-16 11:13 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-16 11:13 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-16 11:13 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-16 11:13 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-16 11:13 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-16 11:13 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-16 11:13 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-16 11:13 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-16 11:13 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-16 11:13 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-16 11:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-16 11:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-16 11:13 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-16 11:13 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-16 11:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-16 11:13 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-16 11:13 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-16 11:13 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-16 11:13 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-16 11:13 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-16 11:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-16 11:13 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-16 11:13 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-16 11:13 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-16 11:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-16 11:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-16 11:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-26 11:53 - 2012-06-26 11:53 - 04518720 ____A (FileZilla Project) C:\Users\IdHusseys\Downloads\FileZilla_3.5.3_win32-setup.exe
    2012-06-26 11:53 - 2012-06-26 11:53 - 00001964 ____A C:\Users\Public\Desktop\FileZilla Client.lnk
    2012-06-22 21:16 - 2012-06-22 15:44 - 00011183 ____A C:\Users\IdHusseys\Desktop\Penguin Part 3 Post.txt
    2012-06-20 22:49 - 2012-06-20 22:49 - 00003638 ____A C:\Users\IdHusseys\Desktop\object-cache.php
    2012-06-20 22:48 - 2012-06-20 22:48 - 00001316 ____A C:\Users\IdHusseys\Desktop\db.php
    2012-06-20 19:27 - 2012-06-20 16:51 - 00001023 ____A C:\Users\IdHusseys\Desktop\Flipping My Sites Evaluation.txt
    2012-06-16 01:41 - 2012-06-16 01:41 - 00000088 ___AH C:\Users\IdHusseys\.95d691779473f3e03bc4b4e56319d74c.key
    2012-06-16 01:32 - 2012-06-16 01:32 - 02271405 ___AH C:\Users\IdHusseys\Downloads\LongTailProTrial (1).zip
    2012-06-16 01:28 - 2012-06-16 01:28 - 02271405 ___AH C:\Users\IdHusseys\Downloads\LongTailProTrial.zip
    2012-06-15 22:45 - 2012-06-15 19:05 - 00012666 ____A C:\Users\IdHusseys\Desktop\Pand Recovery Part 2 Income Diversification.txt
    2012-06-13 14:29 - 2012-06-13 14:29 - 00290432 ___AH C:\Users\IdHusseys\Downloads\cj_tactics-getresponse-3-16-12.csv

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-29 20:32:41
    Restore point made on: 2012-08-30 11:31:10
    Restore point made on: 2012-08-31 15:36:56
    Restore point made on: 2012-08-31 17:32:35
    Restore point made on: 2012-08-31 17:34:57
    Restore point made on: 2012-08-31 17:44:11
    Restore point made on: 2012-08-31 17:45:13
    Restore point made on: 2012-08-31 17:46:07
    Restore point made on: 2012-08-31 17:46:48
    Restore point made on: 2012-08-31 17:51:44
    Restore point made on: 2012-09-07 21:30:17
    ==================== Memory info ===========================
    Percentage of memory in use: 20%
    Total physical RAM: 2812.2 MB
    Available physical RAM: 2243.97 MB
    Total Pagefile: 2810.35 MB
    Available Pagefile: 2239.57 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions ============================
    1 Drive c: () (Fixed) (Total:219.07 GB) (Free:154.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:13.52 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.36 GB) FAT32
    6 Drive I: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 7633 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 219 GB 200 MB
    Partition 3 Primary 13 GB 219 GB
    Partition 4 Primary 103 MB 232 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y SYSTEM NTFS Partition 199 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 219 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E RECOVERY NTFS Partition 13 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F HP_TOOLS FAT32 Partition 103 MB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7633 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 H FAT32 Removable 7633 MB Healthy
    ==================================================================================
    Last Boot: 2012-08-27 07:39
    ==================== End Of Log =============================
  25. Broni

    Broni Malware Annihilator Posts: 45,296   +243

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Restart normally and see if you have your connection back.
