Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91983 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Driverwhiz.exe virus [Solved]


  • This topic is locked This topic is locked
50 replies to this topic

#16 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 January 2014 - 11:32 PM

Hi mikej62,

bullseye_zpse9eaf36e.gif FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess/Alureon?
C:\RECYCLER\S-1-5-21-1214440339-1614895754-725345543-1003\$142e8fc1cdeb2027af6c9d8d24fdebc2
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} -  No File
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

In your next post please provide the following:
  • Fixlog.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#17 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 14 January 2014 - 12:32 PM

My computer randomly shuts down like once or twice per day. Is that usually caused by a virus? This happens even though I've used different outlets and power cords.  

 

log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-01-2014 01
Ran by Nashih at 2014-01-14 13:31:15 Run:1
Running from C:\Documents and Settings\Nashih\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess/Alureon?
C:\RECYCLER\S-1-5-21-1214440339-1614895754-725345543-1003\$142e8fc1cdeb2027af6c9d8d24fdebc2
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} -  No File
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
*****************
 
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
"C:\RECYCLER\S-1-5-21-1214440339-1614895754-725345543-1003\$142e8fc1cdeb2027af6c9d8d24fdebc2" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
 
==== End of Fixlog ====


#18 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 January 2014 - 06:25 PM

Hi mikej62,
 

My computer randomly shuts down like once or twice per day. Is that usually caused by a virus? This happens even though I've used different outlets and power cords.


It can be caused by a virus, but I can't confirm that is the case at this point. It should have little to do with your outlet/power cord set-up.

=========================

bullseye_zpse9eaf36e.gif Re-run Farbar Recovery Scan Tool it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

bullseye_zpse9eaf36e.gif chkdsk scan
  • Click Start and My Computer.
  • Right-click the hard drive you want to check, and click Properties.
  • Select the Tools tab in the Error Checking section click Check Now. Check both boxes. Click Start.
    • You'll get a message that the computer must be rebooted to run a complete check.
  • Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.
bullseye_zpse9eaf36e.gif To view results log:
  • Go to Start - Run and type in eventvwr.msc, and hit enter.
  • When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up.
  • This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.
=========================

In your next post please provide the following:
  • FRST.txt
  • chkdsk log

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#19 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 15 January 2014 - 09:53 AM

frst log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 01
Ran by Nashih (administrator) on HOME-7992934537 on 15-01-2014 09:40:51
Running from C:\Documents and Settings\Nashih\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

ATTENTION: If processes are not listed WMI should be repaired.


==================== Processes (Whitelisted) ===================



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\Windows\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [536576 2008-08-13] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-09] (Nero AG)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [ICF] - C:\Program Files\Internet Content Filter\mfp.exe [1280016 2010-03-09] (McAfee, Inc.)
HKLM\...\Run: [SpySweeper] - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [6156336 2011-04-05] (Webroot Software, Inc.)
HKLM\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-03-12] (Nero AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default
FF user.js: detected! => C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "http", "68.71.76.242"
FF NetworkProxy: "http_port", 8082
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ()
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: iMacros for Firefox - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-12-23]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-11-04]
FF Extension: Clear Form History - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}.xpi [2013-11-20]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-01-13]
FF HKLM\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files\fbphotozoom\fbphotozoom15.xpi
FF Extension: FBPhotoZoom - C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012-03-24]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Nashih\Application Data\Move Networks
FF Extension: No Name - C:\Documents and Settings\Nashih\Application Data\Move Networks [2009-11-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (getPlusPlus for Adobe 16248) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (FBPHOTOZOOM) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\3.0_0 [2014-01-07]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2014-01-07]
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom15.crx [2012-03-24]

========================== Services (Whitelisted) =================

S4 Alerter; C:\Windows\system32\alrsvc.dll [17408 2008-04-13] ()
S3 Dot3svc; C:\Windows\System32\dot3svc.dll [132096 2008-04-13] ()
R2 fpUpdateSvc; C:\Program Files\Internet Content Filter\UpdateService.exe [235024 2010-03-09] (McAfee, Inc.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-11-10] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WebrootSpySweeperService; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [4048256 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] ()
R2 WRConsumerService; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [1201656 2011-07-03] (Webroot Software, Inc. )
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-03] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-11] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-21] (CACE Technologies, Inc.)
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105472 2006-10-17] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-09-27] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [19968 2006-09-27] (NVIDIA Corporation)
S0 sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2008-04-13] ()
R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [29832 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 sshrmd; C:\Windows\System32\DRIVERS\sshrmd.sys [23176 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [176776 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S3 WISTechVIDCAP; C:\Windows\System32\drivers\Xstream.sys [118400 2004-09-03] (Plextor Corp.)
S1 WS2IFSL; C:\Windows\System32\drivers\ws2ifsl.sys [12032 2004-08-03] ()
S3 WudfRd; C:\Windows\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] ()
S3 XLoader; C:\Windows\System32\Drivers\XLoader.sys [13184 2004-09-03] (Plextor Corp.)
S3 catchme; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\catchme.sys [x]
S3 cpuz132; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-15 09:40 - 2014-01-15 09:41 - 00016907 _____ C:\Documents and Settings\Nashih\Desktop\FRST.txt
2014-01-15 09:40 - 2014-01-15 09:40 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\FRST-OlderVersion
2014-01-14 15:15 - 2014-01-14 15:15 - 00000352 _____ C:\Documents and Settings\Nashih\Desktop\sediag.txt
2014-01-14 14:24 - 2014-01-14 15:49 - 00011627 _____ C:\Documents and Settings\Nashih\My Documents\score.xlsx
2014-01-14 14:24 - 2014-01-14 14:24 - 00000165 ____H C:\Documents and Settings\Nashih\My Documents\~$score.xlsx
2014-01-14 13:30 - 2014-01-15 09:40 - 01220608 _____ (Farbar) C:\Documents and Settings\Nashih\Desktop\FRST.exe
2014-01-13 18:03 - 2014-01-13 18:03 - 00987410 _____ C:\Documents and Settings\Nashih\Desktop\SecurityCheck.exe
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\Nashih\Local Settings\Application Data\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VS Revo Group
2014-01-13 16:42 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2014-01-13 16:41 - 2014-01-13 16:42 - 10619688 _____ (VS Revo Group                                               ) C:\Documents and Settings\Nashih\Desktop\RevoUninProSetup.exe
2014-01-13 12:07 - 2014-01-13 12:07 - 00009669 _____ C:\ComboFix.txt
2014-01-13 12:00 - 2014-01-13 12:01 - 05166068 ____R (Swearware) C:\Documents and Settings\Nashih\Desktop\ComboFix.exe
2014-01-12 14:42 - 2014-01-12 14:42 - 00000663 _____ C:\Documents and Settings\Nashih\Desktop\Shortcut to ComboFix.exe.lnk
2014-01-12 14:42 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-12 14:42 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-12 14:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-12 14:41 - 2014-01-13 12:07 - 00000000 ____D C:\Qoobox
2014-01-10 14:21 - 2014-01-15 09:40 - 00000000 ____D C:\FRST
2014-01-08 16:14 - 2014-01-08 16:14 - 00000499 _____ C:\Documents and Settings\Nashih\Desktop\MBR.zip
2014-01-08 16:13 - 2014-01-08 16:13 - 00002007 _____ C:\Documents and Settings\Nashih\Desktop\aswMBR.txt
2014-01-08 16:13 - 2014-01-08 16:13 - 00000512 _____ C:\Documents and Settings\Nashih\Desktop\MBR.dat
2014-01-07 13:13 - 2014-01-09 15:19 - 00012242 ____H C:\Documents and Settings\Nashih\My Documents\~WRL0003.tmp
2014-01-05 15:25 - 2014-01-05 15:25 - 00000000 ____D C:\Documents and Settings\Nashih\My Documents\New Folder (2)
2014-01-03 22:26 - 2014-01-03 22:26 - 00039823 _____ C:\Documents and Settings\Nashih\My Documents\Book11.xlsx
2013-12-31 11:04 - 2013-12-31 11:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 14:07 - 2013-12-23 14:08 - 00012685 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00005000 _____ C:\WINDOWS\KB2904266.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 14:04 - 2013-12-23 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-18 13:45 - 2013-12-23 14:07 - 00011252 _____ C:\WINDOWS\KB2898715.log
2013-12-18 13:45 - 2013-12-23 14:04 - 00010089 _____ C:\WINDOWS\KB2893294.log
2013-12-18 13:45 - 2013-12-23 14:03 - 00010788 _____ C:\WINDOWS\KB2893984.log
2013-12-18 13:45 - 2013-12-23 14:03 - 00009292 _____ C:\WINDOWS\KB2892075.log

==================== One Month Modified Files and Folders =======

2014-01-15 09:41 - 2014-01-15 09:40 - 00016907 _____ C:\Documents and Settings\Nashih\Desktop\FRST.txt
2014-01-15 09:40 - 2014-01-15 09:40 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\FRST-OlderVersion
2014-01-15 09:40 - 2014-01-14 13:30 - 01220608 _____ (Farbar) C:\Documents and Settings\Nashih\Desktop\FRST.exe
2014-01-15 09:40 - 2014-01-10 14:21 - 00000000 ____D C:\FRST
2014-01-15 09:32 - 2012-06-05 00:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-15 09:23 - 2012-08-11 12:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 09:00 - 2009-10-06 21:01 - 01177243 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-15 08:49 - 2012-08-11 12:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 08:49 - 2009-10-06 21:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-15 08:49 - 2009-10-06 16:55 - 00000159 ____C C:\WINDOWS\wiadebug.log
2014-01-15 08:49 - 2009-10-06 16:55 - 00000049 ____C C:\WINDOWS\wiaservc.log
2014-01-14 19:17 - 2009-10-06 21:06 - 00000178 __SHC C:\Documents and Settings\Nashih\ntuser.ini
2014-01-14 19:17 - 2009-10-06 21:05 - 00032586 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-14 18:28 - 2012-10-27 19:14 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-14 15:49 - 2014-01-14 14:24 - 00011627 _____ C:\Documents and Settings\Nashih\My Documents\score.xlsx
2014-01-14 15:37 - 2009-10-14 15:24 - 00002473 _____ C:\Documents and Settings\Nashih\Desktop\Microsoft Office Excel 2007.lnk
2014-01-14 15:15 - 2014-01-14 15:15 - 00000352 _____ C:\Documents and Settings\Nashih\Desktop\sediag.txt
2014-01-14 14:24 - 2014-01-14 14:24 - 00000165 ____H C:\Documents and Settings\Nashih\My Documents\~$score.xlsx
2014-01-14 11:46 - 2009-10-06 21:05 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-13 18:03 - 2014-01-13 18:03 - 00987410 _____ C:\Documents and Settings\Nashih\Desktop\SecurityCheck.exe
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\Nashih\Local Settings\Application Data\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:41 - 10619688 _____ (VS Revo Group                                               ) C:\Documents and Settings\Nashih\Desktop\RevoUninProSetup.exe
2014-01-13 16:42 - 2009-10-06 16:53 - 00586881 ____C C:\WINDOWS\setupapi.log
2014-01-13 12:07 - 2014-01-13 12:07 - 00009669 _____ C:\ComboFix.txt
2014-01-13 12:07 - 2014-01-12 14:41 - 00000000 ____D C:\Qoobox
2014-01-13 12:06 - 2004-08-03 20:07 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-13 12:01 - 2014-01-13 12:00 - 05166068 ____R (Swearware) C:\Documents and Settings\Nashih\Desktop\ComboFix.exe
2014-01-12 14:57 - 2009-10-06 16:54 - 00515094 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-12 14:52 - 2009-10-06 16:52 - 40108032 _____ C:\WINDOWS\system32\config\software.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 08388608 _____ C:\WINDOWS\system32\config\system.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 00024576 _____ C:\WINDOWS\system32\config\SAM.bak
2014-01-12 14:51 - 2011-12-28 16:11 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-12 14:51 - 2011-12-27 18:50 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-12 14:42 - 2014-01-12 14:42 - 00000663 _____ C:\Documents and Settings\Nashih\Desktop\Shortcut to ComboFix.exe.lnk
2014-01-10 10:38 - 2004-08-03 20:07 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-09 16:34 - 2009-10-06 21:06 - 00000000 ____D C:\Documents and Settings\Nashih
2014-01-09 15:19 - 2014-01-07 13:13 - 00012242 ____H C:\Documents and Settings\Nashih\My Documents\~WRL0003.tmp
2014-01-08 16:14 - 2014-01-08 16:14 - 00000499 _____ C:\Documents and Settings\Nashih\Desktop\MBR.zip
2014-01-08 16:13 - 2014-01-08 16:13 - 00002007 _____ C:\Documents and Settings\Nashih\Desktop\aswMBR.txt
2014-01-08 16:13 - 2014-01-08 16:13 - 00000512 _____ C:\Documents and Settings\Nashih\Desktop\MBR.dat
2014-01-05 15:25 - 2014-01-05 15:25 - 00000000 ____D C:\Documents and Settings\Nashih\My Documents\New Folder (2)
2014-01-03 22:26 - 2014-01-03 22:26 - 00039823 _____ C:\Documents and Settings\Nashih\My Documents\Book11.xlsx
2014-01-01 11:33 - 2012-05-06 12:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-31 11:05 - 2013-12-31 11:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 14:30 - 2011-09-14 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-23 14:14 - 2009-10-06 16:52 - 00291680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-23 14:08 - 2013-12-23 14:07 - 00012685 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-23 14:08 - 2009-10-06 16:54 - 00704065 ____C C:\WINDOWS\ocgen.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00005000 _____ C:\WINDOWS\KB2904266.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 14:07 - 2013-12-18 13:45 - 00011252 _____ C:\WINDOWS\KB2898715.log
2013-12-23 14:07 - 2013-08-26 02:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-23 14:07 - 2009-10-07 20:15 - 00055518 ____C C:\WINDOWS\system32\TZLog.log
2013-12-23 14:07 - 2009-10-07 19:15 - 00038737 ____C C:\WINDOWS\updspapi.log
2013-12-23 14:04 - 2013-12-23 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 14:04 - 2013-12-18 13:45 - 00010089 _____ C:\WINDOWS\KB2893294.log
2013-12-23 14:04 - 2009-10-07 19:31 - 88123800 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-23 14:03 - 2013-12-18 13:45 - 00010788 _____ C:\WINDOWS\KB2893984.log
2013-12-23 14:03 - 2013-12-18 13:45 - 00009292 _____ C:\WINDOWS\KB2892075.log
2013-12-18 13:14 - 2012-08-06 19:46 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\Samir

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

When I click on the icon with two papers, it does nothing. Nothing is popping up. Here is the text in the description box of winlogon:

 

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         
Cleaning up minor inconsistencies on the drive.
Cleaning up 246 unused index entries from index $SII of file 0x9.
Cleaning up 246 unused index entries from index $SDH of file 0x9.
Cleaning up 246 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 244196000 KB total disk space.
  29959872 KB in 60197 files.
     20872 KB in 11468 indexes.
  95095744 KB in bad sectors.
    320468 KB in use by the system.
     65536 KB occupied by the log file.
 118799044 KB available on disk.

      4096 bytes in each allocation unit.
  61049000 total allocation units on disk.
  29699761 allocation units available on disk.

Internal Info:
90 b9 03 00 fd 17 01 00 94 86 01 00 00 00 00 00  ................
7c 03 00 00 02 00 00 00 7b 08 00 00 00 00 00 00  |.......{.......
ee d2 d1 08 00 00 00 00 a2 b0 68 2b 00 00 00 00  ..........h+....
6a 17 08 17 00 00 00 00 fa b8 21 14 03 00 00 00  j.........!.....
96 e5 ef c1 04 00 00 00 62 09 be 28 08 00 00 00  ........b..(....
99 9e 36 00 00 00 00 00 98 38 07 00 25 eb 00 00  ..6......8..%...
00 00 00 00 00 00 9b 24 07 00 00 00 cc 2c 00 00  .......$.....,..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

 



#20 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 15 January 2014 - 08:37 PM

Hi mikej62,

bullseye_zpse9eaf36e.gif Tweaking.com - Windows Repair

Disable your Anti-Virus software BEFORE running this tool.
Tutorials: here.

=========================

Download Tweaking.com Windows Repair from here or here and save it to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Once the program opens you will be at the Welcome tab.

WindowsRepairTool-1_zps280f6fca.png

Skip steps 1-3, begin with Step 4

=========================

Step 1: Malwarebytes

WindowsRepairTool-1MBAM_zps6fd04008.png

To download and run a Malwarebytes scan click the Download & Scan System button
Otherwise choose Next or an appropriate tab

=========================

Step 2: Check Disk (optional)

WindowsRepairTool-2CheckFileSystem_zpsb1

To run a Check Disk scan select the Do It button. (this action requires a system restart)
Otherwise choose Next or an appropriate tab to continue

=========================

Step 3: System File Checker (optional)

WindowsRepairTool-3SystemFileCheck_zpse7

To run a System File Check scan select the Do It button. (this action recommends a system restart)
Otherwise choose Next or an appropriate tab to continue

=========================

Step 4: Create a System Restore Point & Create a Registry Back-up < ------ Start Here

WindowsRepairTool-4RestorePointandbackup

Create a Restore Point:

  • Select the Create button to create a new restore point
  • Wait, confirmation will be displayed below the Restore button

=========================

Back-up the Registry:

  • Select the Back-up button,Tweaking.com Registry Back-up window will open and begin the back-up
  • It will close automatically. (that's normal)

=========================

Step 5: Start Repairs

WindowsRepairTool-5StartRepairs_zps54111

Select the Start button to continue, the window below will open.

Repair Window settings

WindowsRepairTool-6StartRepairsMenu_zps4

In the Repair Options window, place a check mark next to the following items: (not select all)

  • Repair WMI

=========================

  • Locate the Restart/Shutdown System when Finished, select the box, then choose Restart System
  • Click the Start button, a DOS window will/may appear during the repair process.
  • Acknowledge the System reboot when finished

=========================

Log files can be located by going to the Settings tab in the Windows Repair program and clicking the Open Log Folder button

WindowsRepairToolsettingtab_zpsf5e0d16c.

The default location for the logs is : C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs\

=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

bullseye_zpse9eaf36e.gif Re-run Farbar Recovery Scan Tool it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

  • Windows Repair Log (default location listed above)
  • FRST.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#21 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 16 January 2014 - 10:42 AM

Here is the repair WMI log (Not sure which logs from the folder you wanted me to attach):

 

The following services are dependent on the Windows Management Instrumentation service.
Stopping the Windows Management Instrumentation service will also stop these services.

   wscsvc

The wscsvc service is stopping.
The wscsvc service was stopped successfully.

The Windows Management Instrumentation service is stopping.
The Windows Management Instrumentation service was stopped successfully.

Deleted file - C:\WINDOWS\System32\Wbem\Repository\$WinMgmt.CFG
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\INDEX.BTR
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\INDEX.MAP
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\MAPPING.VER
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\MAPPING1.MAP
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\MAPPING2.MAP
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\OBJECTS.DATA
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\OBJECTS.MAP
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\02E78424AB18BDBFA706C08B7D7B9F1D.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\092389D621F5A8834203DAAC74CCA279.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\1E97A05DE566CF6EEAE29D0634E27392.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\1EBE968EB7AF815A32641E6185350A9E.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\20D2C3B8CE10B96CE6B8A3C241EF4416.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\26D6C4EB696DD0C83F5D5BF2235000A7.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\2A61A823DC2C1C838EE71C4351BED0B4.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\2C142C4C15E3B8D139B98154CD083071.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\2CE64FBD51953C097BB5470043A6DAF9.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\2CFB5B149FA396D1AEA5F89B1C5A8D81.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\2DA80135BA8EC175C9B1C1598F659434.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\37134956F76D3C30C9BE0C12571CAF43.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\3EC317800FF508210BB945C81C0EACE7.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\42355E8E232EF8CADD187D531DEC55DD.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\42C894EEACAD83A4E41154685841B3E1.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\608B41C6A2CD9460C2263E6CD80C335A.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\60A06765DDFE47EF7240BD9C1EB29EFE.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\6B38F33147D0369D5038BBB61C7A31C8.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\6CF93667737B93EF167943B7E338E669.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\6FFF7467A5B40765D5740A413CA8BB8A.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\701B705ED7DF100F88D5BC4A595E938D.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\731AE1FC8C795979F40FAD645FFBAEB1.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\79E817BC978E2D450EB9E3794DFDA6CF.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\7A62FA52E22CE751514BC93BE067BC80.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\7BDE76979585395D59B5DA1D62E63C50.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\7E27EAAD25AA36FEADFF502991DFC5C1.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\852ECCDBABE77624586E4417FE66F857.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\8636DC7F9479DACE6778109CB4FB4B01.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\88744D2A29102FC88ECF505DD2E984FC.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\958A50DFF8A9DF5FAEA042AC9F60815F.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\98473EDE03F6AA4FAE07C9B8533F89F7.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\A7575F8DE31A912FFE91A7A41B1E382A.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\A99860BB696AE92ED001E48B014365CE.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\ABB70D53B97FC8002205F77E02C97304.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\AE7023598F41510BF261111652046301.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\AEA50E449C23761CA4D9B7F9ED0D9C89.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\B0F7571D09CBE0AE81CB8FC91B04A321.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\C3A0BE17B37ACE48BE78B31580231AE9.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\C6300BFE37ADE6B52EC023F66124985F.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\C81ACF420917AA0F87487BC4D958BEB4.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\C92641594A6F2DA8A55FE4738AFDA539.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\CA0106054EB09C302ED3E0669F99D021.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\CFC35B349D24A8495FD2CEAB15C32D88.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\D724DF13E0B0DF051EB5D403DD8EF2FC.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\D92470B796B6B18F9EE52301857F0567.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\DBD781C2C031C708BCB490F228E7BEF9.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\DC999686F8B85B326CEDFA199DD07F72.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\DFD614E4D613EF4506AC8F525F5F514B.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\E441354B9FE5F63362A481C9B9195A73.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\EDBF963FB003D0670AA9C2219BD091FB.mof
Deleted file - C:\WINDOWS\System32\Wbem\AutoRecover\FAAD7D567E76CAB10704AFD7C0488F23.mof
The Windows Management Instrumentation service is starting.
The Windows Management Instrumentation service was started successfully.

Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\documents and settings\nashih\local settings\application data\geckofx\1.9\defaultprofile\xpc.mfl
c:\documents and settings\nashih\local settings\application data\geckofx\1.9\defaultprofile\xpc.mfl (1): error SYNTAX 0X8004400a: Unexpected token at file scope


Compiler returned error 0x8004400aMicrosoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\program files\common files\microsoft shared\msinfo\oinfop12.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\$ntservicepackuninstall$\cimwin32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\$ntservicepackuninstall$\cmdevtgprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\$ntservicepackuninstall$\cimwin32.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v2.0.50727\adonetdiag.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v2.0.50727\aspnet.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v2.0.50727\clr.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v3.0\windows communication foundation\servicemodel.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v3.5\mof\servicemodel35.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\cimwin32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\cli.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\cliegali.mof
c:\windows\servicepackfiles\i386\cliegali.mof (38593): error SYNTAX 0X80044007: Illegal constant value. (Numeric value out of range or strings without quotes)


Compiler returned error 0x80044007Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\evtgprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\licwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\msdtctr.mof
c:\windows\servicepackfiles\i386\msdtctr.mof (5): error SYNTAX 0X8004400a: Unexpected token at file scope


Compiler returned error 0x8004400aMicrosoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\napprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\napschem.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\rsop.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\tscfgwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\wmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\wscenter.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\cimwin32.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\cliegali.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\licwmi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\tscfgwmi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\msdtc\trace\msdtctr.mof
c:\windows\system32\msdtc\trace\msdtctr.mof (5): error SYNTAX 0X8004400a: Unexpected token at file scope


Compiler returned error 0x8004400aMicrosoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\cimwin32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\cli.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\cliegaliases.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\cmdevtgprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\dgnet.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\dsprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\evntrprv.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\fconprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\fevprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\hnetcfg.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\ieinfo5.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\krnlprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\licwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\msi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\napclientprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\napclientschema.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\ncprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\ntevt.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\outlook_01ca5007d46ec008.mof
MOF file has been successfully parsed
Storing data in the repository...
An error occurred while creating object 1 defined on lines 31 - 163:
0X80041002 Class, instance, or property 'Win32_PerfRawData' was not found.
Compiler returned error 0x80041001Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\policman.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\regevent.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\rsop.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\scersop.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\scm.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\scrcons.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\secrcw32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\smtpcons.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\sr.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\subscrpt.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\system.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\tmplprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\trnsprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\tscfgwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\updprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wbemcons.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\whqlprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipcima.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipdskq.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipicmp.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipiprt.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipjobj.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipsess.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmitimep.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wscenter.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\cimwin32.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\cliegaliases.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\dsprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\fconprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\fevprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\krnlprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\licwmi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\msi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\ncprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\ntevt.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\policman.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\regevent.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\rsop.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\scrcons.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\secrcw32.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\smtpcons.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\tmplprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\trnsprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\tscfgwmi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\updprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wbemcons.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipcima.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipdskq.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipicmp.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipiprt.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipjobj.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipsess.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmitimep.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\wbem\msfeeds.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\wbem\msfeedsbs.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!

 

 

 

Frst log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 03
Ran by Nashih (administrator) on HOME-7992934537 on 16-01-2014 11:41:19
Running from C:\Documents and Settings\Nashih\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

ATTENTION: If processes are not listed WMI should be repaired.


==================== Processes (Whitelisted) ===================



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\Windows\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [536576 2008-08-13] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-09] (Nero AG)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [ICF] - C:\Program Files\Internet Content Filter\mfp.exe [1280016 2010-03-09] (McAfee, Inc.)
HKLM\...\Run: [SpySweeper] - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [6156336 2011-04-05] (Webroot Software, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-03-12] (Nero AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default
FF user.js: detected! => C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "http", "68.71.76.242"
FF NetworkProxy: "http_port", 8082
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ()
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: iMacros for Firefox - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-12-23]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-11-04]
FF Extension: Clear Form History - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}.xpi [2013-11-20]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-01-13]
FF HKLM\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files\fbphotozoom\fbphotozoom15.xpi
FF Extension: FBPhotoZoom - C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012-03-24]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Nashih\Application Data\Move Networks
FF Extension: No Name - C:\Documents and Settings\Nashih\Application Data\Move Networks [2009-11-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (getPlusPlus for Adobe 16248) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (FBPHOTOZOOM) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\3.0_0 [2014-01-07]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2014-01-07]
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom15.crx [2012-03-24]

========================== Services (Whitelisted) =================

S4 Alerter; C:\Windows\system32\alrsvc.dll [17408 2008-04-13] ()
S3 Dot3svc; C:\Windows\System32\dot3svc.dll [132096 2008-04-13] ()
R2 fpUpdateSvc; C:\Program Files\Internet Content Filter\UpdateService.exe [235024 2010-03-09] (McAfee, Inc.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-11-10] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WebrootSpySweeperService; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [4048256 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] ()
R2 WRConsumerService; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [1201656 2011-07-03] (Webroot Software, Inc. )
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-03] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-11] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-21] (CACE Technologies, Inc.)
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105472 2006-10-17] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-09-27] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [19968 2006-09-27] (NVIDIA Corporation)
S0 sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2008-04-13] ()
R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [29832 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 sshrmd; C:\Windows\System32\DRIVERS\sshrmd.sys [23176 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [176776 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S3 WISTechVIDCAP; C:\Windows\System32\drivers\Xstream.sys [118400 2004-09-03] (Plextor Corp.)
S1 WS2IFSL; C:\Windows\System32\drivers\ws2ifsl.sys [12032 2004-08-03] ()
S3 WudfRd; C:\Windows\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] ()
S3 XLoader; C:\Windows\System32\Drivers\XLoader.sys [13184 2004-09-03] (Plextor Corp.)
S3 catchme; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\catchme.sys [x]
S3 cpuz132; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-16 11:35 - 2014-01-16 11:35 - 00001444 _____ C:\WINDOWS\COM+.log
2014-01-16 11:28 - 2014-01-16 11:28 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-01-16 11:24 - 2014-01-16 11:32 - 00007514 _____ C:\WINDOWS\bitssetup.log
2014-01-16 11:24 - 2014-01-16 11:24 - 00000558 _____ C:\WINDOWS\Windows Update.log
2014-01-16 11:21 - 2014-01-16 11:34 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-01-16 11:19 - 2014-01-16 11:19 - 00000000 ____D C:\RegBackup
2014-01-16 11:18 - 2014-01-16 11:18 - 05048198 _____ C:\Documents and Settings\Nashih\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-01-16 11:18 - 2014-01-16 11:18 - 00001812 _____ C:\Documents and Settings\Nashih\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-16 11:18 - 2014-01-16 11:18 - 00000000 ____D C:\Program Files\Tweaking.com
2014-01-16 11:18 - 2014-01-16 11:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-01-16 08:54 - 2014-01-16 08:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-16 08:53 - 2014-01-16 08:54 - 00004529 _____ C:\WINDOWS\KB2914368.log
2014-01-15 09:40 - 2014-01-16 11:41 - 00016763 _____ C:\Documents and Settings\Nashih\Desktop\FRST.txt
2014-01-15 09:40 - 2014-01-16 11:41 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\FRST-OlderVersion
2014-01-14 15:15 - 2014-01-14 15:15 - 00000352 _____ C:\Documents and Settings\Nashih\Desktop\sediag.txt
2014-01-14 14:24 - 2014-01-14 15:49 - 00011627 _____ C:\Documents and Settings\Nashih\My Documents\score.xlsx
2014-01-14 14:24 - 2014-01-14 14:24 - 00000165 ____H C:\Documents and Settings\Nashih\My Documents\~$score.xlsx
2014-01-14 13:30 - 2014-01-16 11:41 - 01221120 _____ (Farbar) C:\Documents and Settings\Nashih\Desktop\FRST.exe
2014-01-13 18:03 - 2014-01-13 18:03 - 00987410 _____ C:\Documents and Settings\Nashih\Desktop\SecurityCheck.exe
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\Nashih\Local Settings\Application Data\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VS Revo Group
2014-01-13 16:42 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2014-01-13 16:41 - 2014-01-13 16:42 - 10619688 _____ (VS Revo Group                                               ) C:\Documents and Settings\Nashih\Desktop\RevoUninProSetup.exe
2014-01-13 12:07 - 2014-01-13 12:07 - 00009669 _____ C:\ComboFix.txt
2014-01-13 12:00 - 2014-01-13 12:01 - 05166068 ____R (Swearware) C:\Documents and Settings\Nashih\Desktop\ComboFix.exe
2014-01-12 14:42 - 2014-01-12 14:42 - 00000663 _____ C:\Documents and Settings\Nashih\Desktop\Shortcut to ComboFix.exe.lnk
2014-01-12 14:42 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-12 14:42 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-12 14:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-12 14:41 - 2014-01-13 12:07 - 00000000 ____D C:\Qoobox
2014-01-10 14:21 - 2014-01-16 11:41 - 00000000 ____D C:\FRST
2014-01-08 16:14 - 2014-01-08 16:14 - 00000499 _____ C:\Documents and Settings\Nashih\Desktop\MBR.zip
2014-01-08 16:13 - 2014-01-08 16:13 - 00002007 _____ C:\Documents and Settings\Nashih\Desktop\aswMBR.txt
2014-01-08 16:13 - 2014-01-08 16:13 - 00000512 _____ C:\Documents and Settings\Nashih\Desktop\MBR.dat
2014-01-07 13:13 - 2014-01-09 15:19 - 00012242 ____H C:\Documents and Settings\Nashih\My Documents\~WRL0003.tmp
2014-01-05 15:25 - 2014-01-05 15:25 - 00000000 ____D C:\Documents and Settings\Nashih\My Documents\New Folder (2)
2014-01-03 22:26 - 2014-01-03 22:26 - 00039823 _____ C:\Documents and Settings\Nashih\My Documents\Book11.xlsx
2013-12-31 11:04 - 2013-12-31 11:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 14:07 - 2013-12-23 14:08 - 00012685 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00005000 _____ C:\WINDOWS\KB2904266.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 14:04 - 2013-12-23 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-18 13:45 - 2013-12-23 14:07 - 00011252 _____ C:\WINDOWS\KB2898715.log
2013-12-18 13:45 - 2013-12-23 14:04 - 00010089 _____ C:\WINDOWS\KB2893294.log
2013-12-18 13:45 - 2013-12-23 14:03 - 00010788 _____ C:\WINDOWS\KB2893984.log
2013-12-18 13:45 - 2013-12-23 14:03 - 00009292 _____ C:\WINDOWS\KB2892075.log

==================== One Month Modified Files and Folders =======

2014-01-16 11:41 - 2014-01-15 09:40 - 00016763 _____ C:\Documents and Settings\Nashih\Desktop\FRST.txt
2014-01-16 11:41 - 2014-01-15 09:40 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\FRST-OlderVersion
2014-01-16 11:41 - 2014-01-14 13:30 - 01221120 _____ (Farbar) C:\Documents and Settings\Nashih\Desktop\FRST.exe
2014-01-16 11:41 - 2014-01-10 14:21 - 00000000 ____D C:\FRST
2014-01-16 11:41 - 2009-10-06 21:01 - 01642792 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-16 11:35 - 2014-01-16 11:35 - 00001444 _____ C:\WINDOWS\COM+.log
2014-01-16 11:35 - 2012-08-11 12:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-16 11:35 - 2009-10-06 21:06 - 00000178 __SHC C:\Documents and Settings\Nashih\ntuser.ini
2014-01-16 11:35 - 2009-10-06 21:05 - 00032586 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-16 11:35 - 2009-10-06 21:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-16 11:35 - 2009-10-06 16:55 - 00000159 ____C C:\WINDOWS\wiadebug.log
2014-01-16 11:35 - 2009-10-06 16:55 - 00000049 ____C C:\WINDOWS\wiaservc.log
2014-01-16 11:35 - 2009-10-06 16:52 - 00291680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-16 11:34 - 2014-01-16 11:21 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-01-16 11:32 - 2014-01-16 11:24 - 00007514 _____ C:\WINDOWS\bitssetup.log
2014-01-16 11:32 - 2012-06-05 00:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-16 11:32 - 2009-10-06 21:00 - 00000000 ____D C:\WINDOWS\Registration
2014-01-16 11:29 - 2009-10-06 16:54 - 00515094 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-16 11:28 - 2014-01-16 11:28 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-01-16 11:28 - 2009-10-06 21:05 - 00000000 __SHD C:\Documents and Settings\LocalService
2014-01-16 11:28 - 2009-10-06 21:02 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2014-01-16 11:28 - 2009-10-06 21:02 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2014-01-16 11:24 - 2014-01-16 11:24 - 00000558 _____ C:\WINDOWS\Windows Update.log
2014-01-16 11:23 - 2012-08-11 12:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-16 11:19 - 2014-01-16 11:19 - 00000000 ____D C:\RegBackup
2014-01-16 11:19 - 2009-10-06 16:53 - 00588593 ____C C:\WINDOWS\setupapi.log
2014-01-16 11:19 - 2009-10-06 16:49 - 00000000 ____D C:\WINDOWS\repair
2014-01-16 11:18 - 2014-01-16 11:18 - 05048198 _____ C:\Documents and Settings\Nashih\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-01-16 11:18 - 2014-01-16 11:18 - 00001812 _____ C:\Documents and Settings\Nashih\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-16 11:18 - 2014-01-16 11:18 - 00000000 ____D C:\Program Files\Tweaking.com
2014-01-16 11:18 - 2014-01-16 11:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-01-16 08:58 - 2013-08-26 02:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-16 08:54 - 2014-01-16 08:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-16 08:54 - 2014-01-16 08:53 - 00004529 _____ C:\WINDOWS\KB2914368.log
2014-01-16 08:54 - 2009-10-07 19:31 - 83425928 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-16 08:54 - 2009-10-06 16:54 - 00704193 ____C C:\WINDOWS\ocgen.log
2014-01-14 18:28 - 2012-10-27 19:14 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-14 15:49 - 2014-01-14 14:24 - 00011627 _____ C:\Documents and Settings\Nashih\My Documents\score.xlsx
2014-01-14 15:37 - 2009-10-14 15:24 - 00002473 _____ C:\Documents and Settings\Nashih\Desktop\Microsoft Office Excel 2007.lnk
2014-01-14 15:15 - 2014-01-14 15:15 - 00000352 _____ C:\Documents and Settings\Nashih\Desktop\sediag.txt
2014-01-14 14:24 - 2014-01-14 14:24 - 00000165 ____H C:\Documents and Settings\Nashih\My Documents\~$score.xlsx
2014-01-14 11:46 - 2009-10-06 21:05 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-13 18:03 - 2014-01-13 18:03 - 00987410 _____ C:\Documents and Settings\Nashih\Desktop\SecurityCheck.exe
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\Nashih\Local Settings\Application Data\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:41 - 10619688 _____ (VS Revo Group                                               ) C:\Documents and Settings\Nashih\Desktop\RevoUninProSetup.exe
2014-01-13 12:07 - 2014-01-13 12:07 - 00009669 _____ C:\ComboFix.txt
2014-01-13 12:07 - 2014-01-12 14:41 - 00000000 ____D C:\Qoobox
2014-01-13 12:06 - 2004-08-03 20:07 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-13 12:01 - 2014-01-13 12:00 - 05166068 ____R (Swearware) C:\Documents and Settings\Nashih\Desktop\ComboFix.exe
2014-01-12 14:52 - 2009-10-06 16:52 - 40108032 _____ C:\WINDOWS\system32\config\software.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 08388608 _____ C:\WINDOWS\system32\config\system.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 00024576 _____ C:\WINDOWS\system32\config\SAM.bak
2014-01-12 14:51 - 2011-12-28 16:11 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-12 14:51 - 2011-12-27 18:50 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-12 14:42 - 2014-01-12 14:42 - 00000663 _____ C:\Documents and Settings\Nashih\Desktop\Shortcut to ComboFix.exe.lnk
2014-01-10 10:38 - 2004-08-03 20:07 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-09 16:34 - 2009-10-06 21:06 - 00000000 ____D C:\Documents and Settings\Nashih
2014-01-09 15:19 - 2014-01-07 13:13 - 00012242 ____H C:\Documents and Settings\Nashih\My Documents\~WRL0003.tmp
2014-01-08 16:14 - 2014-01-08 16:14 - 00000499 _____ C:\Documents and Settings\Nashih\Desktop\MBR.zip
2014-01-08 16:13 - 2014-01-08 16:13 - 00002007 _____ C:\Documents and Settings\Nashih\Desktop\aswMBR.txt
2014-01-08 16:13 - 2014-01-08 16:13 - 00000512 _____ C:\Documents and Settings\Nashih\Desktop\MBR.dat
2014-01-05 15:25 - 2014-01-05 15:25 - 00000000 ____D C:\Documents and Settings\Nashih\My Documents\New Folder (2)
2014-01-03 22:26 - 2014-01-03 22:26 - 00039823 _____ C:\Documents and Settings\Nashih\My Documents\Book11.xlsx
2014-01-01 11:33 - 2012-05-06 12:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-31 11:05 - 2013-12-31 11:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 14:30 - 2011-09-14 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-23 14:08 - 2013-12-23 14:07 - 00012685 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00005000 _____ C:\WINDOWS\KB2904266.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 14:07 - 2013-12-18 13:45 - 00011252 _____ C:\WINDOWS\KB2898715.log
2013-12-23 14:07 - 2009-10-07 20:15 - 00055518 ____C C:\WINDOWS\system32\TZLog.log
2013-12-23 14:07 - 2009-10-07 19:15 - 00038737 ____C C:\WINDOWS\updspapi.log
2013-12-23 14:04 - 2013-12-23 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 14:04 - 2013-12-18 13:45 - 00010089 _____ C:\WINDOWS\KB2893294.log
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-23 14:03 - 2013-12-18 13:45 - 00010788 _____ C:\WINDOWS\KB2893984.log
2013-12-23 14:03 - 2013-12-18 13:45 - 00009292 _____ C:\WINDOWS\KB2892075.log
2013-12-18 13:14 - 2012-08-06 19:46 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\Samir

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#22 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 16 January 2014 - 10:02 PM

Hi mikej62,

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================


bullseye_zpse9eaf36e.gif ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt
  • How's the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#23 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 17 January 2014 - 12:40 PM

Malwarebytes log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.17.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nashih :: HOME-7992934537 [administrator]

1/17/2014 12:27:08 PM
mbam-log-2014-01-17 (12-27-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204572
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

ESET Log:

 

C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\prefs-1.js    JS/SecurityDisabler.A.Gen application
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\prefs.js    JS/SecurityDisabler.A.Gen application
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\prefs.js.BAK    JS/SecurityDisabler.A.Gen application
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\user.js    JS/SecurityDisabler.A.Gen application
 



#24 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 17 January 2014 - 08:36 PM

Hi mikej62,

bullseye_zpse9eaf36e.gif Delete a File/Folder

Using Windows Explorer (Windows Key + E), locate the following files, and DELETE them (if still present):
  • C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\prefs-1.js
  • C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\prefs.js
  • C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\prefs.js.BAK
  • C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\user.js
Exit Explorer

=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

bullseye_zpse9eaf36e.gif Re-run Farbar Recovery Scan Tool it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • FRST.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#25 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 17 January 2014 - 09:00 PM

My computer seems to be running the same. I don't notice much different now compared to what it was before I got spyware. I still get a popup when I start the computer called "LSP Install Error". I think it came around the same time I got this Driverwhiz error but I assumed that it was harmless. Apparently based on googling, this could be some kind of spyware

 

frst log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by Nashih (administrator) on HOME-7992934537 on 17-01-2014 21:56:18
Running from C:\Documents and Settings\Nashih\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

ATTENTION: If processes are not listed WMI should be repaired.


==================== Processes (Whitelisted) ===================



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\Windows\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [536576 2008-08-13] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-09] (Nero AG)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [ICF] - C:\Program Files\Internet Content Filter\mfp.exe [1280016 2010-03-09] (McAfee, Inc.)
HKLM\...\Run: [SpySweeper] - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [6156336 2011-04-05] (Webroot Software, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-03-12] (Nero AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ()
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: iMacros for Firefox - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-12-23]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-11-04]
FF Extension: Clear Form History - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}.xpi [2013-11-20]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-01-13]
FF HKLM\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files\fbphotozoom\fbphotozoom15.xpi
FF Extension: FBPhotoZoom - C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012-03-24]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Nashih\Application Data\Move Networks
FF Extension: No Name - C:\Documents and Settings\Nashih\Application Data\Move Networks [2009-11-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (getPlusPlus for Adobe 16248) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (FBPHOTOZOOM) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid [2012-10-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom15.crx [2012-03-24]

========================== Services (Whitelisted) =================

S4 Alerter; C:\Windows\system32\alrsvc.dll [17408 2008-04-13] ()
S3 Dot3svc; C:\Windows\System32\dot3svc.dll [132096 2008-04-13] ()
R2 fpUpdateSvc; C:\Program Files\Internet Content Filter\UpdateService.exe [235024 2010-03-09] (McAfee, Inc.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-11-10] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WebrootSpySweeperService; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [4048256 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] ()
R2 WRConsumerService; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [1201656 2011-07-03] (Webroot Software, Inc. )
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-03] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-11] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-21] (CACE Technologies, Inc.)
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105472 2006-10-17] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-09-27] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [19968 2006-09-27] (NVIDIA Corporation)
S0 sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2008-04-13] ()
R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [29832 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 sshrmd; C:\Windows\System32\DRIVERS\sshrmd.sys [23176 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [176776 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S3 WISTechVIDCAP; C:\Windows\System32\drivers\Xstream.sys [118400 2004-09-03] (Plextor Corp.)
S1 WS2IFSL; C:\Windows\System32\drivers\ws2ifsl.sys [12032 2004-08-03] ()
S3 WudfRd; C:\Windows\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] ()
S3 XLoader; C:\Windows\System32\Drivers\XLoader.sys [13184 2004-09-03] (Plextor Corp.)
S3 catchme; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\catchme.sys [x]
S3 cpuz132; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-17 13:37 - 2014-01-17 13:37 - 00000565 _____ C:\Documents and Settings\Nashih\Desktop\ESET.txt
2014-01-17 12:34 - 2014-01-17 12:34 - 02347384 _____ (ESET) C:\Documents and Settings\Nashih\Desktop\esetsmartinstaller_enu.exe
2014-01-17 12:08 - 2014-01-17 12:08 - 00000796 _____ C:\Documents and Settings\Nashih\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-16 11:35 - 2014-01-16 11:35 - 00001444 _____ C:\WINDOWS\COM+.log
2014-01-16 11:28 - 2014-01-16 11:28 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-01-16 11:24 - 2014-01-16 11:32 - 00007514 _____ C:\WINDOWS\bitssetup.log
2014-01-16 11:24 - 2014-01-16 11:24 - 00000558 _____ C:\WINDOWS\Windows Update.log
2014-01-16 11:21 - 2014-01-16 11:34 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-01-16 11:19 - 2014-01-16 11:19 - 00000000 ____D C:\RegBackup
2014-01-16 11:18 - 2014-01-16 11:18 - 05048198 _____ C:\Documents and Settings\Nashih\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-01-16 11:18 - 2014-01-16 11:18 - 00001812 _____ C:\Documents and Settings\Nashih\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-16 11:18 - 2014-01-16 11:18 - 00000000 ____D C:\Program Files\Tweaking.com
2014-01-16 11:18 - 2014-01-16 11:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-01-16 08:54 - 2014-01-16 08:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-16 08:53 - 2014-01-16 08:54 - 00004529 _____ C:\WINDOWS\KB2914368.log
2014-01-15 09:40 - 2014-01-17 21:56 - 00016265 _____ C:\Documents and Settings\Nashih\Desktop\FRST.txt
2014-01-15 09:40 - 2014-01-17 21:56 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\FRST-OlderVersion
2014-01-14 15:15 - 2014-01-14 15:15 - 00000352 _____ C:\Documents and Settings\Nashih\Desktop\sediag.txt
2014-01-14 14:24 - 2014-01-14 15:49 - 00011627 _____ C:\Documents and Settings\Nashih\My Documents\score.xlsx
2014-01-14 14:24 - 2014-01-14 14:24 - 00000165 ____H C:\Documents and Settings\Nashih\My Documents\~$score.xlsx
2014-01-14 13:30 - 2014-01-17 21:56 - 01220608 _____ (Farbar) C:\Documents and Settings\Nashih\Desktop\FRST.exe
2014-01-13 18:03 - 2014-01-13 18:03 - 00987410 _____ C:\Documents and Settings\Nashih\Desktop\SecurityCheck.exe
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\Nashih\Local Settings\Application Data\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VS Revo Group
2014-01-13 16:42 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2014-01-13 16:41 - 2014-01-13 16:42 - 10619688 _____ (VS Revo Group                                               ) C:\Documents and Settings\Nashih\Desktop\RevoUninProSetup.exe
2014-01-13 12:07 - 2014-01-13 12:07 - 00009669 _____ C:\ComboFix.txt
2014-01-13 12:00 - 2014-01-13 12:01 - 05166068 ____R (Swearware) C:\Documents and Settings\Nashih\Desktop\ComboFix.exe
2014-01-12 14:42 - 2014-01-12 14:42 - 00000663 _____ C:\Documents and Settings\Nashih\Desktop\Shortcut to ComboFix.exe.lnk
2014-01-12 14:42 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-12 14:42 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-12 14:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-12 14:42 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-12 14:41 - 2014-01-13 12:07 - 00000000 ____D C:\Qoobox
2014-01-10 14:21 - 2014-01-17 21:56 - 00000000 ____D C:\FRST
2014-01-08 16:14 - 2014-01-08 16:14 - 00000499 _____ C:\Documents and Settings\Nashih\Desktop\MBR.zip
2014-01-08 16:13 - 2014-01-08 16:13 - 00002007 _____ C:\Documents and Settings\Nashih\Desktop\aswMBR.txt
2014-01-08 16:13 - 2014-01-08 16:13 - 00000512 _____ C:\Documents and Settings\Nashih\Desktop\MBR.dat
2014-01-07 13:13 - 2014-01-09 15:19 - 00012242 ____H C:\Documents and Settings\Nashih\My Documents\~WRL0003.tmp
2014-01-05 15:25 - 2014-01-05 15:25 - 00000000 ____D C:\Documents and Settings\Nashih\My Documents\New Folder (2)
2014-01-03 22:26 - 2014-01-03 22:26 - 00039823 _____ C:\Documents and Settings\Nashih\My Documents\Book11.xlsx
2013-12-31 11:04 - 2013-12-31 11:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 14:07 - 2013-12-23 14:08 - 00012685 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00005000 _____ C:\WINDOWS\KB2904266.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 14:04 - 2013-12-23 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-18 13:45 - 2013-12-23 14:07 - 00011252 _____ C:\WINDOWS\KB2898715.log
2013-12-18 13:45 - 2013-12-23 14:04 - 00010089 _____ C:\WINDOWS\KB2893294.log
2013-12-18 13:45 - 2013-12-23 14:03 - 00010788 _____ C:\WINDOWS\KB2893984.log
2013-12-18 13:45 - 2013-12-23 14:03 - 00009292 _____ C:\WINDOWS\KB2892075.log

==================== One Month Modified Files and Folders =======

2014-01-17 21:56 - 2014-01-15 09:40 - 00016265 _____ C:\Documents and Settings\Nashih\Desktop\FRST.txt
2014-01-17 21:56 - 2014-01-15 09:40 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\FRST-OlderVersion
2014-01-17 21:56 - 2014-01-14 13:30 - 01220608 _____ (Farbar) C:\Documents and Settings\Nashih\Desktop\FRST.exe
2014-01-17 21:56 - 2014-01-10 14:21 - 00000000 ____D C:\FRST
2014-01-17 21:56 - 2009-10-06 21:01 - 01908458 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-17 21:55 - 2012-08-11 12:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 21:55 - 2009-10-06 21:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-17 21:55 - 2009-10-06 16:55 - 00000159 ____C C:\WINDOWS\wiadebug.log
2014-01-17 21:55 - 2009-10-06 16:55 - 00000049 ____C C:\WINDOWS\wiaservc.log
2014-01-17 21:32 - 2012-06-05 00:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-17 21:23 - 2012-08-11 12:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 16:32 - 2009-10-06 21:05 - 00032472 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-17 14:12 - 2009-10-06 21:06 - 00000178 __SHC C:\Documents and Settings\Nashih\ntuser.ini
2014-01-17 13:37 - 2014-01-17 13:37 - 00000565 _____ C:\Documents and Settings\Nashih\Desktop\ESET.txt
2014-01-17 12:34 - 2014-01-17 12:34 - 02347384 _____ (ESET) C:\Documents and Settings\Nashih\Desktop\esetsmartinstaller_enu.exe
2014-01-17 12:08 - 2014-01-17 12:08 - 00000796 _____ C:\Documents and Settings\Nashih\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-16 11:35 - 2014-01-16 11:35 - 00001444 _____ C:\WINDOWS\COM+.log
2014-01-16 11:35 - 2009-10-06 16:52 - 00291680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-16 11:34 - 2014-01-16 11:21 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-01-16 11:32 - 2014-01-16 11:24 - 00007514 _____ C:\WINDOWS\bitssetup.log
2014-01-16 11:32 - 2009-10-06 21:00 - 00000000 ____D C:\WINDOWS\Registration
2014-01-16 11:29 - 2009-10-06 16:54 - 00515094 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-16 11:28 - 2014-01-16 11:28 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-01-16 11:28 - 2009-10-06 21:05 - 00000000 __SHD C:\Documents and Settings\LocalService
2014-01-16 11:28 - 2009-10-06 21:02 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2014-01-16 11:28 - 2009-10-06 21:02 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2014-01-16 11:24 - 2014-01-16 11:24 - 00000558 _____ C:\WINDOWS\Windows Update.log
2014-01-16 11:19 - 2014-01-16 11:19 - 00000000 ____D C:\RegBackup
2014-01-16 11:19 - 2009-10-06 16:53 - 00588593 ____C C:\WINDOWS\setupapi.log
2014-01-16 11:19 - 2009-10-06 16:49 - 00000000 ____D C:\WINDOWS\repair
2014-01-16 11:18 - 2014-01-16 11:18 - 05048198 _____ C:\Documents and Settings\Nashih\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-01-16 11:18 - 2014-01-16 11:18 - 00001812 _____ C:\Documents and Settings\Nashih\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-16 11:18 - 2014-01-16 11:18 - 00000000 ____D C:\Program Files\Tweaking.com
2014-01-16 11:18 - 2014-01-16 11:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-01-16 08:58 - 2013-08-26 02:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-16 08:54 - 2014-01-16 08:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-16 08:54 - 2014-01-16 08:53 - 00004529 _____ C:\WINDOWS\KB2914368.log
2014-01-16 08:54 - 2009-10-07 19:31 - 83425928 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-16 08:54 - 2009-10-06 16:54 - 00704193 ____C C:\WINDOWS\ocgen.log
2014-01-14 18:28 - 2012-10-27 19:14 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-14 15:49 - 2014-01-14 14:24 - 00011627 _____ C:\Documents and Settings\Nashih\My Documents\score.xlsx
2014-01-14 15:37 - 2009-10-14 15:24 - 00002473 _____ C:\Documents and Settings\Nashih\Desktop\Microsoft Office Excel 2007.lnk
2014-01-14 15:15 - 2014-01-14 15:15 - 00000352 _____ C:\Documents and Settings\Nashih\Desktop\sediag.txt
2014-01-14 14:24 - 2014-01-14 14:24 - 00000165 ____H C:\Documents and Settings\Nashih\My Documents\~$score.xlsx
2014-01-14 11:46 - 2009-10-06 21:05 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-13 18:03 - 2014-01-13 18:03 - 00987410 _____ C:\Documents and Settings\Nashih\Desktop\SecurityCheck.exe
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\Nashih\Local Settings\Application Data\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VS Revo Group
2014-01-13 16:42 - 2014-01-13 16:41 - 10619688 _____ (VS Revo Group                                               ) C:\Documents and Settings\Nashih\Desktop\RevoUninProSetup.exe
2014-01-13 12:07 - 2014-01-13 12:07 - 00009669 _____ C:\ComboFix.txt
2014-01-13 12:07 - 2014-01-12 14:41 - 00000000 ____D C:\Qoobox
2014-01-13 12:06 - 2004-08-03 20:07 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-13 12:01 - 2014-01-13 12:00 - 05166068 ____R (Swearware) C:\Documents and Settings\Nashih\Desktop\ComboFix.exe
2014-01-12 14:52 - 2009-10-06 16:52 - 40108032 _____ C:\WINDOWS\system32\config\software.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 08388608 _____ C:\WINDOWS\system32\config\system.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.bak
2014-01-12 14:52 - 2009-10-06 16:52 - 00024576 _____ C:\WINDOWS\system32\config\SAM.bak
2014-01-12 14:51 - 2011-12-28 16:11 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-12 14:51 - 2011-12-27 18:50 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-12 14:42 - 2014-01-12 14:42 - 00000663 _____ C:\Documents and Settings\Nashih\Desktop\Shortcut to ComboFix.exe.lnk
2014-01-10 10:38 - 2004-08-03 20:07 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-09 16:34 - 2009-10-06 21:06 - 00000000 ____D C:\Documents and Settings\Nashih
2014-01-09 15:19 - 2014-01-07 13:13 - 00012242 ____H C:\Documents and Settings\Nashih\My Documents\~WRL0003.tmp
2014-01-08 16:14 - 2014-01-08 16:14 - 00000499 _____ C:\Documents and Settings\Nashih\Desktop\MBR.zip
2014-01-08 16:13 - 2014-01-08 16:13 - 00002007 _____ C:\Documents and Settings\Nashih\Desktop\aswMBR.txt
2014-01-08 16:13 - 2014-01-08 16:13 - 00000512 _____ C:\Documents and Settings\Nashih\Desktop\MBR.dat
2014-01-05 15:25 - 2014-01-05 15:25 - 00000000 ____D C:\Documents and Settings\Nashih\My Documents\New Folder (2)
2014-01-03 22:26 - 2014-01-03 22:26 - 00039823 _____ C:\Documents and Settings\Nashih\My Documents\Book11.xlsx
2014-01-01 11:33 - 2012-05-06 12:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-31 11:05 - 2013-12-31 11:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 14:30 - 2011-09-14 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-23 14:08 - 2013-12-23 14:07 - 00012685 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00005000 _____ C:\WINDOWS\KB2904266.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 14:07 - 2013-12-18 13:45 - 00011252 _____ C:\WINDOWS\KB2898715.log
2013-12-23 14:07 - 2009-10-07 20:15 - 00055518 ____C C:\WINDOWS\system32\TZLog.log
2013-12-23 14:07 - 2009-10-07 19:15 - 00038737 ____C C:\WINDOWS\updspapi.log
2013-12-23 14:04 - 2013-12-23 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 14:04 - 2013-12-18 13:45 - 00010089 _____ C:\WINDOWS\KB2893294.log
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-23 14:03 - 2013-12-18 13:45 - 00010788 _____ C:\WINDOWS\KB2893984.log
2013-12-23 14:03 - 2013-12-18 13:45 - 00009292 _____ C:\WINDOWS\KB2892075.log
2013-12-18 13:14 - 2012-08-06 19:46 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\Samir

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


    Advertisements

Register to Remove


#26 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 17 January 2014 - 09:26 PM

Hi mikej62,

Well your LSP might have become corrupt, that's why you are receiving the error.

bullseye_zpse9eaf36e.gif Reset WINSOCK entries to installation defaults

You must run the command prompt as an administrator or in an "elevated mode".
  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "netsh winsock reset" (without the quotes) then hit Enter
=========================

bullseye_zpse9eaf36e.gif Reboot into Normal Mode

=========================

Please explain what issues still remain.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#27 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 18 January 2014 - 11:11 AM

Hi mikej62,

Well your LSP might have become corrupt, that's why you are receiving the error.

bullseye_zpse9eaf36e.gif Reset WINSOCK entries to installation defaults

You must run the command prompt as an administrator or in an "elevated mode".

  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "netsh winsock reset" (without the quotes) then hit Enter
=========================

bullseye_zpse9eaf36e.gif Reboot into Normal Mode

=========================

Please explain what issues still remain.

 

 

I ran the cmd prompt and tried to do this but it did nothing. How do I run it in an elevated mode or as an administrator? When I try to run as administrator, I need to type in a password (I don't know it).



#28 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 January 2014 - 12:32 AM

Hi mikej62,

Let's try another way.

bullseye_zpse9eaf36e.gif Reboot Windows XP in Safe Mode w Command Prompt

  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode w/ Command Prompt using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode w/ Command Prompt.

=========================

In the command prompt window type in "netsh winsock reset catalog" (without the quotes) then hit Enter

Follow the onscreen instructions, when finished reboot back into normal mode and see if error still occurs.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#29 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 20 January 2014 - 11:01 AM

Hi mikej62,

Let's try another way.

bullseye_zpse9eaf36e.gif Reboot Windows XP in Safe Mode w Command Prompt

  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode w/ Command Prompt using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode w/ Command Prompt.

=========================

In the command prompt window type in "netsh winsock reset catalog" (without the quotes) then hit Enter

Follow the onscreen instructions, when finished reboot back into normal mode and see if error still occurs.

 

For some reason when I click f8 when the computer starts I get a screen with the option being HDD.



#30 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 20 January 2014 - 11:39 AM

I got to safe mode by pressing F5. I did the command prompt safe mode and had 2 options: Administrator and my user account. I enter the "netsh winsock reset catalog" on both administrator and user account but when I pressed enter nothing really happened. I rebooted to normal and I still have the LSP install error.


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users