
I have possibly the world's first "partial trojan" infecting my Chrome browser


11 replies to this topic

#1 sternrulez

sternrulez

  • Members
  • 7 posts

Posted 14 March 2013 - 03:14 PM

Hello, everyone!

 

Long story short, I recently did a clean install of Windows 7 on a PC I built after my RAID array crashed on the previous one, and while attempting to install Firefox on my new system I inadvertently clicked on the wrong web result and began installing what I assumed was Firefox.  I quickly realized that it was not and was able to halt the install, to later find out that my homepage in Chrome was hijacked to something along the lines of "http://proxy.allsearchapp.com/s.php?q=%s" instead of Google.  I've since run MS Security Essentials as well as  SuperAntiSpyware (those 2 are mandatory for my PC due to the fact that I work from home using it and that is what the company requires), Hijackthis, SpeedyPC Pro and Spyhunter 4 (the last 2 of which I paid for).  Though they each found items in the usual fashion, this "allsearch" bug is still present.

 

NOW, this is the really strange part: from what I read about this thing, ALL of your browsers would be infected by it when in fact only Chrome is, and when I hit the home button on Chrome I am taken to the "real" Google page...no redirections are noticeable.  Basically the only time Allsearch shows up is when I open a new instance of Chrome, at least for now anyway.  At this point I think it's worth mentioning that when I attempt to change my homepage in Chrome, that ability is unavailable with 2 strange marks and the words "this option is enforced by your administrator" in both the startup and search engine areas of the settings (I can certainly provide screenshots if anyone would like to see it).

 

I must then assume that I am allowed to return to Google and also that it has not spread to either Firefox or IE due to my quick action in cancelling the download, thus my reasoning for the words "partial trojan".  I would still like to get this fixed though, because who knows how long allsearch will stay in its semi-dormant state and who knows if anything is going on in the background. I will be more than happy to post logs from any of the above program runs if needed and of course I'm welcome to any thoughts or ideas the community may have on the topic.

 

Thanks in advance for your time! :)
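
Added example, not part of any post in this thread: Chrome shows "this option is enforced by your administrator" when a setting is supplied by policy, and on Windows it reads those policies from the registry under SOFTWARE\Policies\Google\Chrome. The Python below parses the output of reg query "HKLM\SOFTWARE\Policies\Google\Chrome" /s and lists the homepage, startup and search-provider values that point at a host outside an expected set. The sample output and the expected-host list are constructed for illustration; the search URL is the one quoted in the post above.

```python
import re
from urllib.parse import urlparse

# Chrome policy values that set the homepage, new-tab page and default search.
URL_POLICIES = {
    "HomepageLocation",
    "NewTabPageLocation",
    "DefaultSearchProviderSearchURL",
    "DefaultSearchProviderSuggestURL",
}
# Sub-key whose numbered values are the pages opened at startup.
URL_LIST_KEYS = {"RestoreOnStartupURLs"}

# Assumption: hosts this user expects; replace with the machine's real baseline.
EXPECTED_HOSTS = {"google.com", "www.google.com"}

# Constructed sample of `reg query "HKLM\SOFTWARE\Policies\Google\Chrome" /s`
# output, shaped to match the symptoms described in the post (not a real capture).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
    HomepageLocation    REG_SZ    http://www.google.com/
    RestoreOnStartup    REG_DWORD    0x4
    DefaultSearchProviderEnabled    REG_DWORD    0x1
    DefaultSearchProviderSearchURL    REG_SZ    http://proxy.allsearchapp.com/s.php?q=%s

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs
    1    REG_SZ    http://proxy.allsearchapp.com/
"""


def parse_reg_query(text):
    """Yield (key, value_name, reg_type, data) tuples from `reg query /s` output."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        # Value lines are indented; name, type and data are separated by 4 spaces.
        parts = re.split(r" {4}", line.strip(), maxsplit=2)
        if key and len(parts) >= 2 and parts[1].startswith("REG_"):
            data = parts[2] if len(parts) == 3 else ""
            yield key, parts[0], parts[1], data


def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def audit(text, expected=EXPECTED_HOSTS):
    """Return URL-bearing policy values whose host is not in `expected`.

    Values that do not parse as a URL get an empty host and are reported too,
    so that nothing policy-enforced is silently skipped.
    """
    findings = []
    for key, name, _reg_type, data in parse_reg_query(text):
        leaf = key.rsplit("\\", 1)[-1]
        if name in URL_POLICIES or leaf in URL_LIST_KEYS:
            host = host_of(data)
            if host not in expected:
                findings.append(
                    {"key": key, "value": name, "host": host, "data": data}
                )
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['key']}\\{f['value']} -> {f['host']} ({f['data']})")
```

The same check applies to the per-user hive (HKCU\SOFTWARE\Policies\Google\Chrome); on a machine that is not managed by an organisation, any value found under either key deserves a closer look.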




 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 14 March 2013 - 03:16 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue



  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.


  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results


 



#3 sternrulez

sternrulez
  • Topic Starter

  • Members
  • 7 posts

Posted 15 March 2013 - 01:13 PM

OK, sorry it took so long to get back to you...had work this morning.  Anyway, before I post what you asked for I've noticed that IE IS in fact affected...I use IE purely for work purposes, and therefore have a list of work-related websites saved to start up when IE does.  However, now only Google starts, and when I make changes to the homepage list they are not saved despite my clicking 'apply'.  OK, on to the logs, in the order you listed them at the bottom of your post:

TDSSKiller log:

There were no problems reported with this test, but it produced 2 logs, one of which will cause me to make multiple posts here to include it all.  I will certainly post it if you would like, but I figured considering the size I will hold off on that:
 

16:22:29.0757 16168  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:22:30.0023 16168  ============================================================
16:22:30.0023 16168  Current date / time: 2013/03/14 16:22:30.0023
16:22:30.0023 16168  SystemInfo:
16:22:30.0023 16168  
16:22:30.0023 16168  OS Version: 6.1.7601 ServicePack: 1.0
16:22:30.0023 16168  Product type: Workstation
16:22:30.0024 16168  ComputerName: NIGHTMARE
16:22:30.0024 16168  UserName: Len's
16:22:30.0024 16168  Windows directory: C:\Windows
16:22:30.0024 16168  System windows directory: C:\Windows
16:22:30.0024 16168  Running under WOW64
16:22:30.0024 16168  Processor architecture: Intel x64
16:22:30.0024 16168  Number of processors: 4
16:22:30.0024 16168  Page size: 0x1000
16:22:30.0024 16168  Boot type: Normal boot
16:22:30.0024 16168  ============================================================
16:22:30.0476 16168  Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:22:37.0572 16168  Drive \Device\Harddisk3\DR3 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:22:41.0942 16168  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:22:41.0942 16168  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:22:51.0242 16168  Drive \Device\Harddisk5\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:22:58.0135 16168  Drive \Device\Harddisk6\DR6 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:22:58.0139 16168  ============================================================
16:22:58.0140 16168  \Device\Harddisk2\DR2:
16:22:58.0141 16168  MBR partitions:
16:22:58.0141 16168  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:22:58.0141 16168  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
16:22:58.0141 16168  \Device\Harddisk3\DR3:
16:22:58.0142 16168  GPT partitions:
16:22:58.0167 16168  \Device\Harddisk3\DR3\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {06BC30FE-5508-490E-A235-5EA0A63101B0}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
16:22:58.0167 16168  \Device\Harddisk3\DR3\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2A3A6DF9-2FDA-424C-BAED-4D2E74B7E9E1}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
16:22:58.0167 16168  MBR partitions:
16:22:58.0167 16168  \Device\Harddisk0\DR0:
16:22:58.0167 16168  Invalid mbr signature
16:22:58.0167 16168  \Device\Harddisk1\DR1:
16:22:58.0168 16168  MBR partitions:
16:22:58.0168 16168  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:22:58.0168 16168  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D9000
16:22:58.0168 16168  \Device\Harddisk5\DR5:
16:22:58.0169 16168  MBR partitions:
16:22:58.0169 16168  \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:22:58.0170 16168  \Device\Harddisk6\DR6:
16:22:58.0170 16168  MBR partitions:
16:22:58.0171 16168  \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
16:22:58.0171 16168  ============================================================
16:22:58.0173 16168  C: <-> \Device\Harddisk2\DR2\Partition2
16:22:58.0202 16168  F: <-> \Device\Harddisk6\DR6\Partition1
16:22:58.0234 16168  B: <-> \Device\Harddisk3\DR3\Partition2
16:22:58.0268 16168  H: <-> \Device\Harddisk5\DR5\Partition1
16:22:58.0269 16168  ============================================================
16:22:58.0269 16168  Initialize success
16:22:58.0269 16168  ============================================================
16:23:40.0371 16064  Deinitialize success
 

aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-14 16:36:00
-----------------------------
16:36:00.839    OS Version: Windows x64 6.1.7601 Service Pack 1
16:36:00.839    Number of processors: 4 586 0x503
16:36:00.840    ComputerName: NIGHTMARE  UserName: Len's
16:36:01.054    Initialize success
16:36:51.217    AVAST engine defs: 13031401
16:36:56.735    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
16:36:56.738    Disk 0 Vendor: WDC_WD5000AAKX-603CA0 16.01H16 Size: 476940MB BusType: 3
16:36:56.741    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
16:36:56.744    Disk 1 Vendor: WDC_WD5000AAKX-603CA0 16.01H16 Size: 476940MB BusType: 3
16:36:56.747    Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
16:36:56.751    Disk 2 Vendor: KINGSTON_SV300S37A120G 505ABBF0 Size: 114473MB BusType: 3
16:36:56.755    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T0L0-1
16:36:56.759    Disk 3 Vendor: ST3000DM001-1CH166 CC24 Size: 2861588MB BusType: 3
16:36:56.764    Disk 2 MBR read successfully
16:36:56.767    Disk 2 MBR scan
16:36:56.772    Disk 2 Windows 7 default MBR code
16:36:56.775    Disk 2 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:36:56.780    Disk 2 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
16:36:56.790    Disk 2 scanning C:\Windows\system32\drivers
16:37:00.236    Service scanning
16:37:08.437    Modules scanning
16:37:08.442    Disk 2 trace - called modules:
16:37:08.447    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:37:08.452    1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800750e060]
16:37:08.455    3 CLASSPNP.SYS[fffff880018c243f] -> nt!IofCallDriver -> [0xfffffa80071e5d10]
16:37:08.459    5 ACPI.sys[fffff88000ef37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007300060]
16:37:08.741    AVAST engine scan C:\Windows
16:37:09.514    AVAST engine scan C:\Windows\system32
16:38:49.450    AVAST engine scan C:\Windows\system32\drivers
16:38:53.769    AVAST engine scan C:\Users\Len's
16:39:12.700    AVAST engine scan C:\ProgramData
16:39:15.733    Scan finished successfully
16:39:32.420    Disk 2 MBR has been saved successfully to "C:\Users\Len's\Desktop\MBR.dat"
16:39:32.424    The log file has been saved successfully to "C:\Users\Len's\Desktop\aswMBR.txt"

Finally, the ESET results:

B:\NIGHTMARE\Backup Set 2013-03-09 135822\Backup Files 2013-03-09 135822\Backup files 1.zip    multiple threats    deleted - quarantined
B:\progs\me\CoreTemp64\CoreTempGadgetzip.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
B:\progs\me\Format Factory\FFSetup295.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Len's\Downloads\Firefox_setup (1).exe    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined
C:\Users\Len's\Downloads\Firefox_setup.exe    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined
 

I hope you'll be able to figure out what's going on because now it IS affecting my job, though to a minor extent...I just would like to fix it before it gets worse.  Thanks in advance for your help, narenXP! :)



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 15 March 2013 - 01:35 PM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#5 sternrulez

sternrulez
  • Topic Starter

  • Members
  • 7 posts

Posted 15 March 2013 - 02:40 PM

Pt 2 of my logs, in the order you requested:

mbam log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Len's :: NIGHTMARE [administrator]

3/15/2013 2:53:14 PM
mbam-log-2013-03-15 (14-53-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209882
Time elapsed: 1 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271159} (PUP.CrossRider) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271159} (PUP.CrossRider) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox log:

MiniToolBox by Farbar  Version:05-03-2013
Ran by Len's (administrator) on 15-03-2013 at 15:02:36
Running from "C:\Users\Len's\Downloads"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Nightmare
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 94-DE-80-24-7D-39
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9d43:7e0c:9c8a:cd75%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, March 15, 2013 1:28:24 PM
   Lease Expires . . . . . . . . . . : Monday, April 21, 2149 9:31:00 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 244637312
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-CC-15-4B-94-DE-80-24-7D-39
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3833:288b:9d14:db2e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3833:288b:9d14:db2e%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  router.belkin
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4006:803::1008
      74.125.226.227
      74.125.226.224
      74.125.226.233
      74.125.226.228
      74.125.226.238
      74.125.226.225
      74.125.226.230
      74.125.226.229
      74.125.226.231
      74.125.226.226
      74.125.226.232


Pinging google.com [74.125.226.227] with 32 bytes of data:
Reply from 74.125.226.227: bytes=32 time=37ms TTL=54
Reply from 74.125.226.227: bytes=32 time=38ms TTL=54

Ping statistics for 74.125.226.227:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 38ms, Average = 37ms
Server:  router.belkin
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=476ms TTL=51
Reply from 98.139.183.24: bytes=32 time=519ms TTL=49

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 476ms, Maximum = 519ms, Average = 497ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...94 de 80 24 7d 39 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.3    276
      192.168.2.3  255.255.255.255         On-link       192.168.2.3    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.3    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:953c:3833:288b:9d14:db2e/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::3833:288b:9d14:db2e/128
                                    On-link
 11    276 fe80::9d43:7e0c:9c8a:cd75/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/15/2013 01:29:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2013 03:17:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2013 00:47:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/15/2013 00:47:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/15/2013 00:47:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/15/2013 00:47:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/15/2013 00:47:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/15/2013 00:47:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/15/2013 00:01:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2013 08:32:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/15/2013 01:26:41 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/15/2013 03:15:49 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/14/2013 10:32:48 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/14/2013 08:31:08 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/14/2013 07:03:30 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/14/2013 06:58:13 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/14/2013 06:55:12 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/14/2013 06:52:54 PM) (Source: Service Control Manager) (User: )
Description: The SpyHunter 4 Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/14/2013 06:02:49 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (03/14/2013 04:27:01 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056


Microsoft Office Sessions:
=========================
Error: (03/15/2013 01:29:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2013 03:17:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2013 00:47:29 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Len's\downloads\esetsmartinstaller_enu.exe

Error: (03/15/2013 00:47:29 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Len's\downloads\esetsmartinstaller_enu (1).exe

Error: (03/15/2013 00:47:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Len's\downloads\esetsmartinstaller_enu.exe

Error: (03/15/2013 00:47:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Len's\downloads\esetsmartinstaller_enu (1).exe

Error: (03/15/2013 00:47:18 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Len's\downloads\esetsmartinstaller_enu.exe

Error: (03/15/2013 00:47:17 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Len's\downloads\esetsmartinstaller_enu (1).exe

Error: (03/15/2013 00:01:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2013 08:32:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-03-14 18:58:13.762
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-14 18:58:13.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 18:35:19.822
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 18:35:19.793
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 16:17:47.492
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 16:17:47.462
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 16:17:22.344
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 16:17:22.314
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 16:16:45.091
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 16:16:45.062
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29126)
Adobe AIR (Version: 3.6.0.6090)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
AVS DVD Copy version 4.1.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
BIG-IP Edge Client Components (All Users) (Version: 70.2011.0623.0551)
Citrix online plug-in - web (Version: 12.3.0.8)
Citrix online plug-in (DV) (Version: 12.3.0.8)
Citrix online plug-in (HDX) (Version: 12.3.0.8)
Citrix online plug-in (USB) (Version: 12.3.0.8)
Citrix online plug-in (Web) (Version: 12.3.0.8)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Core Temp 1.0 RC5 (Version: 1.0)
DAEMON Tools Pro (Version: 5.2.0.0348)
Etron USB3.0 Host Controller (Version: 0.115)
FlashWindow Library for Instant Access (Version: 1.0.0.1)
FormatFactory 2.95 (Version: 2.95)
Google Chrome (Version: 25.0.1364.172)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
HiJackThis (Version: 1.0.0)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
ON_OFF Charge B12.0308.1 (Version: 1.00.0001)
Openfire 3.8.1
Platform (Version: 1.39)
QuickTime (Version: 7.73.80.64)
Razer Synapse 2.0 (Version: 1.7.15)
Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
Reset Your Browser
SABnzbd 0.7.11 (Version: 0.7.11)
Search Protect by conduit (Version: 1.4.1.12)
Spark 2.6.3.12555
SpeedyPC Pro (Version: 3.0.0.0)
SpyHunter (Version: 4.1.11)
SUPERAntiSpyware (Version: 5.6.1014)
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 5.0.6.0)
The Weather Channel App
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VIA Platform Device Manager (Version: 1.39)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
XFINITY Caller ID (Version: 3.1.38)

========================= Devices: ================================

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: Bitlocker Drive Encryption Filter Driver
Description: Bitlocker Drive Encryption Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: fvevol

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: HL-DT-ST BD-RE  WH10LS30 ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: DTSOFT Virtual CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: gdrv
Description: gdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: gdrv

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: ALSysIO
Description: ALSysIO
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ALSysIO

Name: ATI I/O Communications Processor PCI Bus Controller
Description: ATI I/O Communications Processor PCI Bus Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI
Service: pci

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci

Name: AMD Radeon HD 6700 Series
Description: AMD Radeon HD 6700 Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: amdkmdap

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Microsoft Network Inspection System
Description: Microsoft Network Inspection System
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NisDrv

Name: Etron USB 3.0 Extensible Host Controller
Description: Etron USB 3.0 Extensible Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Etron Technology Inc.
Service: EtronXHCI

Name: Microsoft Digital Media Server Module
Description: Microsoft Digital Media Server Module
Class Guid: {14b62f50-3f15-11dd-ae16-0800200c9a66}
Manufacturer: Microsoft
Service: UmPass

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: Etron USB 3.0 Extensible Root Hub
Description: Etron USB 3.0 Extensible Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Etron Technology Inc.
Service: EtronHub3

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: amdkmdag
Description: amdkmdag
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: amdkmdag

Name: Microsoft USB Trackball Optical
Description: Microsoft USB Trackball Optical
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: HidUsb

Name: Hardware Policy Driver
Description: Hardware Policy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hwpolicy

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Disk Virtual Machine Bus Acceleration Filter Driver
Description: Disk Virtual Machine Bus Acceleration Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: storflt

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe

Name: AppleCharger
Description: AppleCharger
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AppleCharger

Name: NSI proxy service driver.
Description: NSI proxy service driver.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: nsiproxy

Name: KINGSTON SV300S37A120G ATA Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: ATI I/O Communications Processor SMBus Controller
Description: ATI I/O Communications Processor SMBus Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI
Service:

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci

Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecDD

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip

Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport

Name: AMD Phenom™ II X4 840 Processor
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM

Name: KSecPkg
Description: KSecPkg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecPkg

Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial

Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tcpipreg

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp

Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep

Name: System speaker
Description: System speaker
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Standard Dual Channel PCI IDE Controller
Description: Standard Dual Channel PCI IDE Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: pciide

Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tdx

Name: Standard Dual Channel PCI IDE Controller
Description: Standard Dual Channel PCI IDE Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: pciide

Name: F5 Networks VPN Adapter
Description: F5 Networks VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: F5 Networks
Service: urvpndrv

Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pcw

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: ST3000DM001-1CH166 ATA Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: VIA High Definition Audio
Description: VIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: VIA Technologies, Inc.
Service: VIAHdAudAddService

Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci

Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus

Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PEAUTH

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr

Name: AMD Phenom™ II X4 840 Processor
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave

Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CLFS

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host

Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci

Name: PCI standard ISA bridge
Description: PCI standard ISA bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: msisadrv

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volmgrx

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device

Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum

Name: CNG
Description: CNG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CNG

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: WDC WD5000AAKX-603CA0 ATA Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Microsoft USB Trackball Optical
Description: Microsoft USB Trackball Optical
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid

Name: USB Mass  Storage Device USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: IPBusEnum Root Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mpsdrv

Name: DAEMON Tools Virtual Bus
Description: DAEMON Tools Virtual Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: DT Soft Ltd
Service: dtsoftbus01

Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volsnap

Name: Offline Files Driver
Description: Offline Files Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CSC

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: G:\
Description:  Storage Device
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: USB Mass
Service: WUDFRd

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host

Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: Citrix USB Monitor Driver
Description: Citrix USB Monitor Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ctxusbm

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarpv6

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: AMD Phenom™ II X4 840 Processor
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Razer Naga
Description: Razer Naga
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Razer USA Ltd
Service: mouhid

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD

Name: Microsoft Virtual Drive Enumerator Driver
Description: Microsoft Virtual Drive Enumerator

Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: vdrvroot

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wdf01000

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr

Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPENCDD

Name: WDC WD5000AAKX-603CA0 ATA Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp

Name: File as Volume Driver
Description: File as Volume Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: blbdrive

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: System Attribute Cache
Description: System Attribute Cache
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: discache

Name: Razer Naga
Description: Razer Naga
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Razer USA Ltd
Service: kbdhid

Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WfpLwf

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host

Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci

Name: Reflector Display Driver used to gain access

to graphics data
Description: Reflector Display Driver used to gain

access to graphics data
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPREFMP

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: DXGKrnl

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Winsock IFS Driver
Description: Winsock IFS Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ws2ifsl

Name: AMD Phenom™ II X4 840 Processor
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery

Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: msisadrv
Description: msisadrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msisadrv

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform

Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WudfPf

Name: belkin.d05_MediaServer
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: PacketVideo
Service: umbus

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS

Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: secdrv

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp

Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 8178.56 MB
Available physical RAM: 5406.8 MB
Total Pagefile: 16355.31 MB
Available Pagefile: 13069 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.21 MB

========================= Partitions: =====================================

1 Drive b: (Barracuda) (Fixed) (Total:2794.39 GB) (Free:2761.71 GB) NTFS
2 Drive c: () (Fixed) (Total:111.69 GB) (Free:74.85 GB) NTFS

========================= Users: ========================================

User accounts for \\NIGHTMARE

Administrator            Guest                    Len's


**** End of log ****


FSS log:

Farbar Service Scanner Version: 03-03-2013
Ran by Len's (administrator) on 15-03-2013 at 15:06:45
Running from "C:\Users\Len's\Downloads"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

AdwCleaner log:

# AdwCleaner v2.114 - Logfile created 03/15/2013 at 15:12:07
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Len's - NIGHTMARE
# Boot Mode : Normal
# Running from : C:\Users\Len's\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\Len's\AppData\Local\APN
Folder Deleted : C:\Users\Len's\AppData\Local\Conduit
Folder Deleted : C:\Users\Len's\AppData\Local\Lucky Savings
Folder Deleted : C:\Users\Len's\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Len's\AppData\LocalLow\Instagrille
Folder Deleted : C:\Users\Len's\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Len's\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Instagrille
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\Software\BasicSeek
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3290520
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Instagrille
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{664B892D-B55B-497F-9594-29BA0C435583}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{664B892D-B55B-497F-9594-29BA0C435583}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A9A7CDB-5018-4AC0-8A17-8C2AED862D42}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45451135-5EBD-4669-AA6D-842E21505ADE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{341F4DAC-1966-47FF-AACF-0CE175F1498A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{341F4DAC-1966-47FF-AACF-0CE175F1498A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Len's\AppData\Roaming\Mozilla\Firefox\Profiles\0zpt8rrt.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Len's\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3154 octets] - [15/03/2013 15:10:05]
AdwCleaner[R2].txt - [3214 octets] - [15/03/2013 15:11:59]
AdwCleaner[S1].txt - [3223 octets] - [15/03/2013 15:12:07]

########## EOF - C:\AdwCleaner[S1].txt - [3283 octets] ##########



Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Ultimate x64
Ran by Len's on Fri 03/15/2013 at 15:22:35.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\dw7


~~~ Registry Keys


~~~ Files


~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Len's\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Len's\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"
Successfully deleted: [Folder] "C:\Users\Len's\AppData\Roaming\microsoft\windows\start menu\programs\speedypc software"


~~~ FireFox

Emptied folder: C:\Users\Len's\AppData\Roaming\mozilla\firefox\profiles\0zpt8rrt.default\minidumps [1 files]


~~~ Chrome

Successfully deleted: [Folder] C:\Users\Len's\appdata\local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/15/2013 at 15:28:24.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Rkill log:

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/15/2013 03:31:46 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Len's\Downloads\CoreTemp64\Core Temp.exe (PID: 2228) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 03/15/2013 03:31:53 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)


Autoruns log:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "MSC"    "Microsoft Security Client User Interface"    "Microsoft Corporation"    "c:\program files\microsoft security client\msseces.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon"    "Apple Push"    "Apple Inc."    "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "ConnectionCenter"    "Citrix online plug-in Connection Center"    "Citrix Systems, Inc."    "c:\program files (x86)\citrix\ica client\concentr.exe"
+ "HDAudDeck"    "VIA HD Audio CPL"    "VIA"    "c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe"
+ "QuickTime Task"    "QuickTime Task"    "Apple Inc."    "c:\program files (x86)\quicktime\qttask.exe"
+ "Razer Synapse"    "Razer Synapse"    "Razer USA Ltd"    "c:\program files (x86)\razer\synapse\rzsynapse.exe"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\Users\Len's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "Caller ID.lnk"    ""    ""    "c:\program files (x86)\caller id\caller id.exe"
+ "SABnzbd.lnk"    "SABnzbd 0.7.11"    ""    "c:\program files (x86)\sabnzbd\sabnzbd.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Google Chrome"    "Google Chrome"    "Google Inc."    "c:\program files (x86)\google\chrome\application\25.0.1364.172\installer\chrmstp.exe"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "DAEMON Tools Pro Agent"    "DAEMON Tools Pro Agent"    "DT Soft Ltd"    "c:\program files (x86)\daemon tools pro\dtagent.exe"
+ "GoogleChromeAutoLaunch_A79981AF9E4BAEFD6FF84875AFC4A286"    "Google Chrome"    "Google Inc."    "c:\program files (x86)\google\chrome\application\chrome.exe"
+ "Sidebar"    "Windows Desktop Gadgets"    "Microsoft Corporation"    "c:\program files\windows sidebar\sidebar.exe"
+ "SUPERAntiSpyware"    "SUPERAntiSpyware Application"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\superantispyware.exe"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "DaemonShellExtImage"    "DAEMON Tools Pro"    "DT Soft Ltd"    "c:\program files (x86)\daemon tools pro\dtshl64.dll"
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class"    "SUPERAntiSpyware Context Menu Extension"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "DaemonShellExtImage"    "DAEMON Tools Pro"    "DT Soft Ltd"    "c:\program files (x86)\daemon tools pro\dtshl32.dll"
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class"    "SUPERAntiSpyware Context Menu Extension"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx

\DragDropHandlers"    ""    ""    ""
+ "WinRAR32"    "WinRAR shell extension"    

"Alexander Roshal"    "c:\program files\winrar

\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion

\Explorer\Browser Helper Objects"    ""    ""    

""
+ "Google Toolbar Helper"    "Google Toolbar"    

"Google Inc."    "c:\program files (x86)\google

\google toolbar\googletoolbar_64.dll"
+ "Google Toolbar Notifier BHO"    

"GoogleToolbarNotifier"    "Google Inc."    "c:

\program files\google\googletoolbarnotifier

\5.7.8313.1002\swg64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows

\CurrentVersion\Explorer\Browser Helper Objects"    

""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper

for Internet Explorer"    "Adobe Systems

Incorporated"    "c:\program files (x86)\common

files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper"    "Google Toolbar"    

"Google Inc."    "c:\program files (x86)\google

\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO"    

"GoogleToolbarNotifier"    "Google Inc."    "c:

\program files (x86)\google\googletoolbarnotifier

\5.7.8313.1002\swg.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™

Platform SE binary"    "Oracle Corporation"    

"c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform

SE binary"    "Oracle Corporation"    "c:

\program files (x86)\java\jre7\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer

\Toolbar"    ""    ""    ""
+ "Google Toolbar"    "Google Toolbar"    

"Google Inc."    "c:\program files (x86)\google

\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet

Explorer\Toolbar"    ""    ""    ""
+ "Google Toolbar"    "Google Toolbar"    

"Google Inc."    "c:\program files (x86)\google

\google toolbar\googletoolbar_32.dll"
"Task Scheduler"    ""    ""    ""
+ "\Adobe Flash Player Updater"    "Adobe® Flash®

Player Update Service 11.6 r602"    "Adobe

Systems Incorporated"    "c:\windows

\syswow64\macromed\flash

\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate"    "Apple Software

Update"    "Apple Inc."    "c:\program files

(x86)\apple software update\softwareupdate.exe"
+ "\Core Temp Autostart Len's"    "CPU temperature

and system information utility"    ""    "c:\users

\len's\downloads\coretemp64\core temp.exe"
+ "\GoogleUpdateTaskMachineCore"    "Google

Installer"    "Google Inc."    "c:\program files

(x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA"    "Google Installer"    

"Google Inc."    "c:\program files (x86)\google

\update\googleupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft

Antimalware Scheduled Scan"    "Microsoft Malware

Protection Command Line Utility"    "Microsoft

Corporation"    "c:\program files\microsoft

security client\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    

""    ""    "c:\windows

\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing

\UpdateLibrary"    "Windows Media Player Network

Sharing Service Configuration Application"    

"Microsoft Corporation"    "c:\program files\windows

media player\wmpnscfg.exe"
+ "\SpeedyPC Pro"    ""    ""    "File not

found: C:\Program Files (x86)\SpeedyPC Software

\SpeedyPC\SpeedyPC.exe"
+ "\SpeedyPC Pro Startup"    ""    ""    

"File not found: C:\Program Files (x86)\SpeedyPC

Software\SpeedyPC\SpeedyPC.exe"
+ "\SpeedyPC Registration3"    ""    ""    

"File not found: C:\Program Files (x86)\Common

Files\SpeedyPC Software\UUS3\UUS3.dll"
+ "\SpeedyPC Update Version3"    ""    ""    

"File not found: C:\Program Files (x86)\Common

Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe"
+ "\SpyHunter4Startup"    "SpyHunter4 application"    

"Enigma Software Group USA, LLC."    "c:

\program files (x86)\enigma software group

\spyhunter\spyhunter4.exe"
X "\Test TimeTrigger"    ""    ""    "File not

found: C:\Users\Len's\AppData\Local\Temp

\Runner.exe"
"HKLM\System\CurrentControlSet\Services"    ""    

""    ""
+ "!SASCORE"    "SUPERAntiSpyware Core Service"    

"SUPERAntiSpyware.com"    "c:\program files

\superantispyware\sascore64.exe"
+ "AdobeARMservice"    "Adobe Acrobat Updater

keeps your Adobe software up to date."    "Adobe

Systems Incorporated"    "c:\program files

(x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc"    "This service

keeps your Adobe Flash Player installation up to

date with the latest enhancements and security

fixes."    "Adobe Systems Incorporated"    "c:

\windows\syswow64\macromed\flash

\flashplayerupdateservice.exe"
+ "AMD External Events Utility"    "AMD External

Events Service Module"    "AMD"    "c:\windows

\system32\atiesrxx.exe"
+ "AppleChargerSrv"    "Apple mobile devices

charging service"    ""    "c:\windows

\system32\applechargersrv.exe"
+ "gupdate"    "Keeps your Google software up to

date. If this service is disabled or stopped, your

Google software will not be kept up to date,

meaning security vulnerabilities that may arise

cannot be fixed and features may not work. This

service uninstalls itself when there is no Google

software using it."    "Google Inc."    "c:

\program files (x86)\google\update

\googleupdate.exe"
+ "gupdatem"    "Keeps your Google software up to

date. If this service is disabled or stopped, your

Google software will not be kept up to date,

meaning security vulnerabilities that may arise

cannot be fixed and features may not work. This

service uninstalls itself when there is no Google

software using it."    "Google Inc."    "c:

\program files (x86)\google\update

\googleupdate.exe"
+ "gusvc"    "Google Updater keeps your Google

software up to date. If Google Updater Service is

disabled or stopped, your Google software will not

be kept up to date, meaning security

vulnerabilities that may arise cannot be fixed and

features may not work."    "Google"    "c:

\program files (x86)\google\common\google updater

\googleupdaterservice.exe"
+ "MozillaMaintenance"    "The Mozilla Maintenance

Service ensures that you have the latest and most

secure version of Mozilla Firefox on your

computer. Keeping Firefox up to date is very

important for your online security, and Mozilla

strongly recommends that you keep this service

enabled."    "Mozilla Foundation"    "c:

\program files (x86)\mozilla maintenance service

\maintenanceservice.exe"
+ "MsMpSvc"    "Helps protect users from malware

and other potentially unwanted software"    

"Microsoft Corporation"    "c:\program files

\microsoft security client\msmpeng.exe"
+ "NisSrv"    "Helps guard against intrusion

attempts targeting known and newly discovered

vulnerabilities in network protocols"    "Microsoft

Corporation"    "c:\program files\microsoft

security client\nissrv.exe"
+ "ose"    "Saves installation files used for updates

and repairs and is required for the downloading of

Setup updates and Watson error reports."    

"Microsoft Corporation"    "c:\program files

(x86)\common files\microsoft shared\source engine

\ose.exe"
+ "SpyHunter 4 Service"    "SpyHunter 4 Helper

Service"    "Enigma Software Group USA, LLC."    

"c:\program files (x86)\enigma software group

\spyhunter\sh4service.exe"
+ "VIAKaraokeService"    "Service binary"    

"VIA Technologies, Inc."    "c:\windows

\system32\viakaraokesrv.exe"
+ "WinDefend"    "Protection against spyware and

potentially unwanted software"    "Microsoft

Corporation"    "c:\program files\windows

defender\mpsvc.dll"
+ "WMPNetworkSvc"    "Shares Windows Media

Player libraries to other networked players and

media devices using Universal Plug and Play"    

"Microsoft Corporation"    "c:\program files\windows

media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"    ""    

""    ""
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport

Driver"    "Adaptec, Inc."    "c:\windows

\system32\drivers\adp94xx.sys"
+ "adpahci"    "Adaptec Windows SATA Storport

Driver"    "Adaptec, Inc."    "c:\windows

\system32\drivers\adpahci.sys"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI

Driver (X64)"    "Adaptec, Inc."    "c:\windows

\system32\drivers\adpu320.sys"
+ "aliide"    "ALi mini IDE Driver"    "Acer

Laboratories Inc."    "c:\windows

\system32\drivers\aliide.sys"
+ "ALSysIO"    ""    ""    "File not found:

C:\Users\Len's\AppData\Local\Temp\ALSysIO64.sys"
+ "amdkmdag"    "ATI Radeon Kernel Mode Driver"    

"ATI Technologies Inc."    "c:\windows

\system32\drivers\atikmdag.sys"
+ "amdkmdap"    "AMD multi-vendor Miniport Driver"    

"Advanced Micro Devices, Inc."    "c:\windows

\system32\drivers\atikmpag.sys"
+ "amdsata"    "AHCI 1.2 Device Driver"    

"Advanced Micro Devices"    "c:\windows

\system32\drivers\amdsata.sys"
+ "amdsbs"    "AMD Technology AHCI Compatible

Controller Driver for Windows - AMD64 platform"    

"AMD Technologies Inc."    "c:\windows

\system32\drivers\amdsbs.sys"
+ "amdxata"    "Storage Filter Driver"    "Advanced

Micro Devices"    "c:\windows\system32\drivers

\amdxata.sys"
+ "AppleCharger"    "Apple mobile devices

charging program"    ""    "c:\windows

\system32\drivers\applecharger.sys"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec,

Inc."    "c:\windows\system32\drivers\arc.sys"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    

"Adaptec, Inc."    "c:\windows\system32\drivers

\arcsas.sys"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    

"Broadcom Corporation"    "c:\windows

\system32\drivers\bxvbda.sys"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit

Ethernet NDIS6.x Unified Driver."    "Broadcom

Corporation"    "c:\windows\system32\drivers

\b57nd60a.sys"
+ "BrFiltLo"    "Windows ME USB Mass-Storage

Bulk-Only Lower Filter Driver"    "Brother

Industries, Ltd."    "c:\windows

\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"    "Windows ME USB Mass-Storage

Bulk-Only Upper Filter Driver"    "Brother

Industries, Ltd."    "c:\windows

\system32\drivers\brfiltup.sys"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    

"Brother Industries Ltd."    "c:\windows

\system32\drivers\brserid.sys"
+ "BrSerWdm"    "Brother Serial driver (WDM

version)"    "Brother Industries Ltd."    

"c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm"    "Brother USB MDM Driver "    

"Brother Industries Ltd."    "c:\windows

\system32\drivers\brusbmdm.sys"
+ "BrUsbSer"    "Brother USB Serial Driver"    

"Brother Industries Ltd."    "c:\windows

\system32\drivers\brusbser.sys"
+ "catchme"    ""    ""    "File not found:

C:\ComboFix\catchme.sys"
+ "cmdide"    "CMD PCI IDE Bus Driver"    

"CMD Technology, Inc."    "c:\windows

\system32\drivers\cmdide.sys"
+ "ctxusbm"    "Citrix USB Filter Driver"    

"Citrix Systems, Inc."    "c:\windows

\system32\drivers\ctxusbm.sys"
+ "dtsoftbus01"    "DAEMON Tools Virtual Bus Driver"    

"DT Soft Ltd"    "c:\windows\system32\drivers

\dtsoftbus01.sys"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE

VBD"    "Broadcom Corporation"    "c:\windows

\system32\drivers\evbda.sys"
+ "elxstor"    "Storport Miniport Driver for

LightPulse HBAs"    "Emulex"    "c:

\windows\system32\drivers\elxstor.sys"
+ "esgiguard"    ""    ""    "c:\program files

(x86)\enigma software group\spyhunter

\esgiguard.sys"
+ "EtronHub3"    "Etron eXtensible Hub Driver."    

"Etron Technology Inc"    "c:\windows

\system32\drivers\etronhub3.sys"
+ "EtronXHCI"    "Etron eXtensible Host Controller

Driver."    "Etron Technology Inc"    "c:

\windows\system32\drivers\etronxhci.sys"
+ "f5ipfw"    "StoneWall Filter Driver"    

"F5 Networks, Inc."    "c:\windows

\system32\drivers\urfltv64.sys"
+ "gdrv"    ""    ""    "File not found:

C:\Windows\gdrv.sys"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR

Driver for eHome"    "Hauppauge Computer Works,

Inc."    "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD"    "Smart Array SAS/SATA Controller

Media Driver"    "Hewlett-Packard Company"    

"c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV"    "Intel Matrix Storage Manager

driver - x64"    "Intel Corporation"    "c:

\windows\system32\drivers\iastorv.sys"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    

"Intel Corp./ICP vortex GmbH"    "c:\windows

\system32\drivers\iirsp.sys"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver

(StorPort)"    "LSI Corporation"    "c:

\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver

(StorPort)"    "LSI Corporation"    "c:

\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    

"LSI Corporation"    "c:\windows

\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver

(StorPort)"    "LSI Corporation"    "c:

\windows\system32\drivers\lsi_scsi.sys"
+ "megasas"    "MEGASAS RAID Controller Driver

for Windows 7\Server 2008 R2 for x64"    "LSI

Corporation"    "c:\windows\system32\drivers

\megasas.sys"
+ "MegaSR"    "LSI MegaRAID Software RAID

Driver"    "LSI Corporation, Inc."    "c:\windows

\system32\drivers\megasr.sys"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    

"IBM Corporation"    "c:\windows

\system32\drivers\nfrd960.sys"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    

"NVIDIA Corporation"    "c:\windows

\system32\drivers\nvraid.sys"
+ "nvstor"    "NVIDIA® nForce™ Sata

Performance Driver"    "NVIDIA Corporation"    

"c:\windows\system32\drivers\nvstor.sys"
+ "ql2300"    "QLogic Fibre Channel Stor

Miniport Driver"    "QLogic Corporation"    

"c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx"    "QLogic iSCSI Storport Miniport

Driver"    "QLogic Corporation"    "c:\windows

\system32\drivers\ql40xx.sys"
+ "RTL8167"    "Realtek 8136/8168/8169 NDIS 6.20

64-bit Driver                "    "Realtek           

                                 "    "c:

\windows\system32\drivers\rt64win7.sys"
+ "rzudd"    "Razer Rzudd Engine"    "Razer USA

Ltd"    "c:\windows\system32\drivers\rzudd.sys"
+ "SASDIFSV"    "SASDIFSV64.SYS"    

"SUPERAdBlocker.com and SUPERAntiSpyware.com"    

"c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL"    "SASKUTIL64.SYS"    

"SUPERAdBlocker.com and SUPERAntiSpyware.com"    

"c:\program files\superantispyware\saskutil64.sys"
+ "secdrv"    "Macrovision SECURITY Driver"    

"Macrovision Corporation, Macrovision Europe

Limited, and Macrovision Japan and Asia K.K."    

"c:\windows\system32\drivers\secdrv.sys"
+ "Serial"    "Brotehr Serial I/F Driver (WDM)"    

"Brother Industries Ltd."    "c:\windows

\system32\drivers\serial.sys"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    

"Silicon Integrated Systems Corp."    "c:

\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    

"Silicon Integrated Systems"    "c:\windows

\system32\drivers\sisraid4.sys"
+ "stexstor"    "Promise  SuperTrak EX Series

Driver for Windows "    "Promise Technology"    

"c:\windows\system32\drivers\stexstor.sys"
+ "urvpndrv"    "NetworkAccess NDIS WAN/TAPI

Miniport for Windows."    "F5 Networks, Inc."    

"c:\windows\system32\drivers\covpnv64.sys"
+ "VGPU"    ""    ""    "File not found:

System32\drivers\rdvgkmd.sys"
+ "VIAHdAudAddService"    "VIA High Definition Audio

Function Driver"    "VIA Technologies, Inc."    

"c:\windows\system32\drivers\viahduaa.sys"
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    

"VIA Technologies, Inc."    "c:\windows

\system32\drivers\viaide.sys"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    

"VIA Technologies Inc.,Ltd"    "c:\windows

\system32\drivers\vsmraid.sys"
+ "WDC_SAM"    "Manages WD external storage

products."    "Western Digital Technologies"    

"c:\windows\system32\drivers\wdcsam64.sys"
"HKLM\Software\Microsoft\Windows NT

\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for

MSACM"    "Fraunhofer Institut Integrierte

Schaltungen IIS"    "c:\windows

\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT

\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for

MSACM"    "Fraunhofer Institut Integrierte

Schaltungen IIS"    "c:\windows

\syswow64\l3codeca.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius

Inc."    "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID

\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    

""    ""    ""
+ "AC3Filter"    "ac3filter"    ""    "c:

\program files (x86)\freetime\formatfactory

\ffmodules\filters\ac3filter.ax"
+ "AVS Video Out"    "AVSVideoOutFilter

DirectShow Filter"    "Online Media Technologies

Ltd"    "c:\program files (x86)\common files

\avsmedia\activex\avsvideooutfilter3.ax"
+ "DirectVobSub"    "VobSub & TextSub filter

for DirectShow/VirtualDub/Avisynth"    "Gabest"    

"c:\program files (x86)\freetime\formatfactory

\ffmodules\avisynthplugins\vsfilter.dll"
+ "DirectVobSub (auto-loading version)"    "VobSub &

TextSub filter for DirectShow/VirtualDub/Avisynth"    

"Gabest"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\avisynthplugins

\vsfilter.dll"
+ "ffdshow Audio Decoder"    "DirectShow and

VFW video and audio decoding/encoding/processing

filter"    ""    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\ffdshow

\ffdshow.ax"
+ "ffdshow Audio Processor"    "DirectShow and

VFW video and audio decoding/encoding/processing

filter"    ""    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\ffdshow

\ffdshow.ax"
+ "ffdshow DXVA Video Decoder"    "DirectShow and

VFW video and audio decoding/encoding/processing

filter"    ""    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\ffdshow

\ffdshow.ax"
+ "ffdshow raw video filter"    "DirectShow and

VFW video and audio decoding/encoding/processing

filter"    ""    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\ffdshow

\ffdshow.ax"
+ "ffdshow subtitles filter"    "DirectShow and

VFW video and audio decoding/encoding/processing

filter"    ""    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\ffdshow

\ffdshow.ax"
+ "ffdshow Video Decoder"    "DirectShow and

VFW video and audio decoding/encoding/processing

filter"    ""    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\ffdshow

\ffdshow.ax"
+ "Haali Matroska Muxer"    "Haali Media

Splitter"    ""    "c:\program files

(x86)\freetime\formatfactory\ffmodules\filters

\haali\splitter.ax"
+ "Haali Media Splitter"    "Haali Media

Splitter"    ""    "c:\program files

(x86)\freetime\formatfactory\ffmodules\filters

\haali\splitter.ax"
+ "Haali Media Splitter (AR)"    "Haali Media

Splitter"    ""    "c:\program files

(x86)\freetime\formatfactory\ffmodules\filters

\haali\splitter.ax"
+ "Haali Simple Media Splitter"    "Haali Media

Splitter"    ""    "c:\program files

(x86)\freetime\formatfactory\ffmodules\filters

\haali\splitter.ax"
+ "Haali Video Renderer"    ""    ""    

"c:\program files (x86)\freetime\formatfactory

\ffmodules\filters\haali\dxr.dll"
+ "Haali Video Sink"    "Haali Media Splitter"    ""    

"c:\program files (x86)\freetime\formatfactory

\ffmodules\filters\haali\splitter.ax"
+ "MPC - Avi Source"    "Avi Splitter"    "Gabest"    

"c:\program files (x86)\freetime\formatfactory

\ffmodules\filters\avisplitter.ax"
+ "MPC - Avi Splitter"    "Avi Splitter"    "Gabest"    

"c:\program files (x86)\freetime\formatfactory

\ffmodules\filters\avisplitter.ax"
+ "MPC - FLV Source (Gabest)"    "FLV Splitter"    

"MPC-HC Team"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)"    "FLV Splitter"    

"MPC-HC Team"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\flvsplitter.ax"
+ "MPC - Matroska Source"    "Matroska

Splitter"    "MPC-HC Team"    "c:\program files

(x86)\freetime\formatfactory\ffmodules\filters

\matroskasplitter.ax"
+ "MPC - Matroska Splitter"    "Matroska

Splitter"    "MPC-HC Team"    "c:\program files

(x86)\freetime\formatfactory\ffmodules\filters

\matroskasplitter.ax"
+ "MPC - MP4 Source"    "MP4 Splitter"    "MPC-HC

Team"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\mp4splitter.ax"
+ "MPC - MP4 Splitter"    "MP4 Splitter"    "MPC-HC

Team"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\mp4splitter.ax"
+ "MPC - Mpeg Source (Gabest)"    "Mpeg Splitter"    

"MPC-HC Team"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)"    "Mpeg

Splitter"    "MPC-HC Team"    "c:\program files

(x86)\freetime\formatfactory\ffmodules\filters

\mpegsplitter.ax"
+ "MPC - MPEG4 Video Source"    "MP4 Splitter"    

"MPC-HC Team"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\mp4splitter.ax"
+ "MPC - MPEG4 Video Splitter"    "MP4 Splitter"    

"MPC-HC Team"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters\mp4splitter.ax"
+ "MPC - Video decoder"    "H.264/VC-1 DXVA video

decoder"    "MPC HomeCinema"    "c:

\program files (x86)\freetime\formatfactory

\ffmodules\filters\mpcvideodec.ax"
+ "RealAudio Decoder"    "RealMedia Splitter"    

"Gabest"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters

\realmediasplitter.ax"
+ "RealMedia Source"    "RealMedia Splitter"    

"Gabest"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters

\realmediasplitter.ax"
+ "RealMedia Splitter"    "RealMedia Splitter"    

"Gabest"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters

\realmediasplitter.ax"
+ "RealVideo Decoder"    "RealMedia Splitter"    

"Gabest"    "c:\program files (x86)\freetime

\formatfactory\ffmodules\filters

\realmediasplitter.ax"
"C:\Users\Len's\AppData\Local\Microsoft\Windows

Sidebar\Settings.ini"    ""    ""    ""
+ ""    ""    ""    "C:\Users\Len's\AppData

\Local\Temp\Shutdown-Reboot.gadget.~0001"
+ ""    ""    ""    "C:\Users\Len's\AppData

\Local\Temp\Shutdown-Reboot.gadget.~0001"
+ ""    ""    ""    "C:\Users\Len's\AppData

\Local\Temp\Shutdown-Reboot.gadget.~0001"
+ "Absolute Technoise"    "Absolute-Technoise Radio

Gadget. View details about and listen live to

Absolute Technoise Radio."    "Glitch"    

"C:\Users\Len's\AppData\Local\Microsoft\Windows

Sidebar\Gadgets\absolute-technoise.gadget

\Gadget.xml"
+ "Alarm"    "Alarm"    "Vishwak"    "C:\Users

\Len's\AppData\Local\Microsoft\Windows Sidebar

\Gadgets\Reminder.gadget\Gadget.xml"
+ "Core Temp"    "Core Temp Windows Sidebar Gadget.

Requires the last version of "Core Temp" to work.

Monitor the status of your processor and memory.

This gadget displays processor information such as

processor brand and model, temperature, load per

core, frequency and VID. It also displays the main

memory utilization in megabytes and it percent.

All of the readings are also show on a graph."    

"Arthur Liberman"    "C:\Users\Len's\AppData

\Local\Microsoft\Windows Sidebar\Gadgets

\CoreTempGadget2.7.gadget\Gadget.xml"
+ "DAEMON Tools"    "Use main DAEMON Tools Pro

features faster and easier."    "DAEMON Tools

Gadget"    "C:\Users\Len's\AppData\Local\Microsoft

\Windows Sidebar\Gadgets\DT.gadget\Gadget.xml"
+ "Runescape Priceguide"    "Find prices for

Runescape Items."    "Mike G"    "C:\Users

\Len's\AppData\Local\Microsoft\Windows Sidebar

\Gadgets\rsgadget.gadget\Gadget.xml"
+ "Shutdown"    "Shortcut to Shutdown, Standby,

Restart."    "Sn1FFeR"    "C:\Users\Len's

\AppData\Local\Microsoft\Windows Sidebar\Gadgets

\Shutdown.gadget\Gadget.xml"
+ "Traffic Info"    "To see road traffic

flows, real-time traffic conditions in your area,

avoid the congested road sections, smooth all the

way.
Includes: U.S. almost big cities; U.K.

(England and Scotland); Canada; China 10 major

cities; Finland; Italy; Russia; Singapore;

Thailand; Ukraine and so on.
Select correct line to

save time and save money. Save resources to save

the earth!"    "Photo-Bon.com"    "C:\Users\Len's

\AppData\Local\Microsoft\Windows Sidebar\Gadgets

\Traffic_Info.gadget\Gadget.xml"
+ "Weather"    "See what the weather looks like

around the world."    "Microsoft Corporation"    

"C:\Program Files\Windows Sidebar\Gadgets

\Weather.Gadget\en-US\Gadget.xml"

 



#6 narenxp

Posted 15 March 2013 - 02:44 PM

Restart the PC, check your browser and let me know if you still have issues.



#7 sternrulez

Posted 15 March 2013 - 03:07 PM

Unfortunately yes...nothing has changed in Chrome for me...it's still coming up with "http://proxy.allsearchapp.com/app/start/" as my homepage, and disappears as before when I hit the home button. The same goes for IE...my homepage settings reset to Google no matter what I try to replace it with. Do you think it would help if I just uninstall Chrome? I know that won't help the IE situation, but all the tests you had me run seemed a LOT more comprehensive than anything I would've come up with so I'd have to wonder if there's anything left to try short of completely starting over again with a reformat? The good news is that I made a disc image of Windows a while back I can revert to since I'm running it on its own SSD, which I'm sure from all the info you already know that...lol! Anyway, let me know what you would think would be best for me to do next. Thanks! :)



#8 narenxp

Posted 15 March 2013 - 04:09 PM


Export bookmarks from Google Chrome using this guide:

http://support.google.com/chrome/bin/answer.py?hl=en&answer=96816

Uninstall Google Chrome, make sure to checkmark the "Also delete browsing data" option.

IMPORTANT: Do not forget to checkmark the "Also delete browsing data" option.

Reinstall Chrome and let me know if that works.



#9 sternrulez

Posted 15 March 2013 - 06:37 PM

Well, I reinstalled Chrome and that didn't help either. However, since I just built the PC I was able to go back to a couple of days ago via a system restore point and that actually DID work! The good news is I reported the malware site to Google and it's already been removed from their site. :) Please don't think that I don't appreciate all the work you've put into helping me with this because I most certainly do! This was a very unique situation as I'm sure you'd agree, and at the very least you've armed me with an entire new arsenal of tools that I can now use to help others. Thank you SO much for that, too! :)



#10 narenxp

Posted 15 March 2013 - 06:39 PM

Good work

Remove temporary and junk files

Download TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points.

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
 



#11 sternrulez

Posted 16 March 2013 - 11:25 AM

All great info...tyvm again! :)



#12 narenxp

Posted 16 March 2013 - 11:28 AM

:bananas:





