
Tidy Network


15 replies to this topic

#1 djlen

djlen

  • Members
  • 11 posts

Posted 23 March 2013 - 12:16 PM

I have recently become infected with Tidy Network malware. None of the usual apps that I run have even spotted it when I ran them, much less gotten rid of them.
I really need some help as this malware has hijacked my Google Chrome. I'm also getting pop-up ads constantly.
Any help will be appreciated.
 
Regards, 
Len

Edited by Orange Blossom, 23 March 2013 - 12:19 PM.
Moved to AII from Windows 7 ~ OB



 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 March 2013 - 12:19 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL

  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 2
  • Link 3
  • Link 4
  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu

  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log

Edited by narenxp, 23 March 2013 - 02:58 PM.


#3 djlen


Posted 23 March 2013 - 02:27 PM

It finished in 40 seconds. 2507 objects scanned with no threats found. I didn't know how to proceed as I didn't see that as an option in your instructions.

Now what?



#4 djlen


Posted 23 March 2013 - 02:30 PM

Perhaps I should just move on to step two: RKill?



#5 narenxp


Posted 23 March 2013 - 02:35 PM

Instructions are given already. In the end I need all the four logs. You can post here if you have any issues running scans.



#6 djlen


Posted 23 March 2013 - 02:55 PM

Ok, not to be difficult but I have never been through this procedure before and cannot copy and paste the TDSSKiller report simply because it will not copy. I right click it and nothing happens.

I just tried all four links you provided for RKill and the first two were blind links and the second two re-routed me right back to this page.

So yes I'm having issues running scans and I'm also having issues copying and pasting the information you've asked for. Please be a little patient as I'm new to all this stuff.

Now how do I proceed with what you've asked?



#7 narenxp


Posted 23 March 2013 - 03:00 PM

Copy the contents of the logs and post them here:

http://www.pastebin.com/

Post the generated link from the website here.

Rkill links work for me. You can download from here:

http://www.bleepingcomputer.com/download/rkill/



#8 djlen


Posted 23 March 2013 - 03:12 PM

Here is the logfile for Rkill. As with TDSSKiller, it found no issues. I don't understand this because clearly I have this thing in my computer. I would be happy to send you the report of the TDSSkiller scan but I can't "copy" it to paste anywhere.

 

 

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/23/2013 04:06:50 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Len\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PID: 1148) [UP-HEUR]
 * C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (PID: 2140) [AU-HEUR]
 * C:\Windows\SysWOW64\nlssrv32.exe (PID: 2708) [WD-HEUR]
 * C:\Users\Len\AppData\Local\Temp\61DD55A9-9BD7-4843-9107-54BBFDDCBAED.exe (PID: 488) [T-HEUR]
 
4 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Len\Desktop\rkill\rkill-03-23-2013-04-06-55.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 03/23/2013 04:07:02 PM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)


#9 narenxp


Posted 23 March 2013 - 03:14 PM

If TDSSKiller is clean, no need to post the log. Will wait for other logs.



#10 djlen


Posted 23 March 2013 - 07:01 PM

Final two scans: 

 

Eset List:

 

 

C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe multiple threats
C:\Users\Len\AppData\Local\Temp\Shortcut_bundlesweetimsetup_3112013.exe probably a variant of Win32/SweetIM.C application
C:\Users\Len\Documents\My Documents\Downloads\asc-setup.exe a variant of Win32/ELEX application
C:\Users\Len\Documents\My Documents\Downloads\avc-free.exe Win32/OpenCandy application
C:\Users\Len\Documents\My Documents\Downloads\defragsetup.exe a variant of Win32/ELEX application
C:\Users\Len\Documents\My Documents\Downloads\disk-defrag-setup(1).exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Len\Documents\My Documents\Downloads\frostwire-5.3.2.windows(1).exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Len\Documents\My Documents\Downloads\imf-setup(2).exe a variant of Win32/Toolbar.Widgi application
C:\Users\Len\Documents\My Documents\Downloads\imf-setup.exe multiple threats
C:\Users\Len\Documents\My Documents\Downloads\installer_ripit4me_1_7_1_0_English.exe multiple threats
C:\Users\Len\Documents\My Documents\Downloads\registry-cleaner-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Len\Documents\My Documents\Downloads\sd-setup.exe a variant of Win32/ELEX application
C:\Users\Len\Documents\My Documents\Downloads\sd2-setup220.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Len\Documents\My Documents\Downloads\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Users\Len\Documents\My Documents\Downloads\winzip155.exe Win32/OpenCandy application
C:\Users\Len\Documents\Pro Apps. w-keys\Corel PaintShop Pro X5 SP1 v15.1.0.10 Multilingual Incl Keymaker + SP1 Update---PMS\Corel PaintShop Pro X5 SP1 v15.1.0.10 Multilingual Incl Keymaker + SP1 Update---PMS.tg a variant of Win32/Keygen.AU application
 

 

 

 

Here is the Junkware removal tool logfile:

Please advise on whether I should re-boot or exactly how to proceed.   

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by Len on Sat 03/23/2013 at 18:34:17.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] defaulttabsearch 
Successfully deleted: [Service] defaulttabsearch 
Successfully stopped: [Service] defaulttabupdate 
Successfully deleted: [Service] defaulttabupdate 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\searchprotect
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{eee6c35b-6118-11dc-9c72-001320c79847} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2948679748-409015298-3203424273-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2948679748-409015298-3203424273-1001\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_current_user\software\defaulttab
Successfully deleted: [Registry Key] hkey_local_machine\software\defaulttab
Successfully deleted: [Registry Key] hkey_current_user\software\igearsettings
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\defaulttab
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\search settings
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetie.ietoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetie.ietoolbar.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetim_urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.sweetie
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.sweetie.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2998365
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{10000000-1000-1000-1000-100000000000}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35c-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{eee6c35c-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827} 
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827} 
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} 
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} 
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" 
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\ProgramData\search protection"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Len\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Len\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Len\AppData\Roaming\opencandy"
Failed to delete: [Folder] "C:\Users\Len\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Len\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Len\appdata\local\coupon companion plugin"
Successfully deleted: [Folder] "C:\Users\Len\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Len\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Len\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\defaulttab"
Successfully deleted: [Folder] "C:\Program Files (x86)\dvdvideosofttb"
Successfully deleted: [Folder] "C:\Program Files (x86)\freerip3"
Failed to delete: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml"
Successfully deleted: [File] C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\user.js
Successfully deleted: [File] "C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\extensions\[email protected]
Successfully deleted: [File] C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\extensions\[email protected]
Successfully deleted: [File] C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\searchplugins\search-here.xml
Successfully deleted: [File] C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\smartbar
Successfully deleted: [Folder] C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted: [Folder] C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\extensions\staged
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\prefs.js
 
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "8274a4f3000000000000002637bd3942");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15741");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.018:35:06");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={8DCEAF73-9289-11E2-8A8D-74DE2B799674}");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
Emptied folder: C:\Users\Len\AppData\Roaming\mozilla\firefox\profiles\ff98cwiv.default-1351434906144\minidumps [102 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Folder] C:\Users\Len\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\kdidombaedgpfiiedeimiebkmbilgmlc
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/23/2013 at 19:36:23.18
End of JRT log


#11 narenxp


Posted 23 March 2013 - 07:17 PM

You did not remove the threats detected by ESET
 
 
Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • MBAR log


#12 djlen


Posted 23 March 2013 - 07:32 PM

Have Malwarebytes Pro and had already started it up before you replied.   It has been updated and is running currently.  

In fact here is the Logfile:

I ran the "Quick Scan" at this time.   I usually run the full but you said to do the quick so that's what's below.

 

I will now get and run the Mini Tool Box.

 

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.23.11
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Len :: LEN1945 [administrator]
 
Protection: Enabled
 
3/23/2013 8:24:49 PM
mbam-log-2013-03-23 (20-24-49).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218435
Time elapsed: 4 minute(s), 30 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Edited by djlen, 23 March 2013 - 07:33 PM.


#13 djlen


Posted 23 March 2013 - 07:38 PM

Mini Tool Box:

 

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Len (administrator) on 23-03-2013 at 20:35:31
Running from "C:\Users\Len\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Broadcom WLAN Adapter = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
PdaNet Broadband Adapter = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set subinterface interface=?& subinterface=ethernet_9 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Len1945
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 9C-B7-0D-8E-1E-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : PdaNet Broadband Adapter
   Physical Address. . . . . . . . . : 00-26-37-BD-39-42
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 74-DE-2B-79-96-74
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Broadcom WLAN Adapter
   Physical Address. . . . . . . . . : 9C-B7-0D-8E-1E-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4ded:45c5:6a36:1f25%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, March 23, 2013 8:06:58 PM
   Lease Expires . . . . . . . . . . : Sunday, March 24, 2013 8:07:03 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 261928717
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-BB-A4-40-E8-40-F2-0D-29-14
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E8-40-F2-0D-29-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::10b4:b338:6e1:8994%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.149(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, March 23, 2013 8:06:55 PM
   Lease Expires . . . . . . . . . . : Sunday, March 24, 2013 8:06:54 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 272130167
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-BB-A4-40-E8-40-F2-0D-29-14
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{088E7453-CDCF-4763-B36A-C5097365FF07}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{79A3E968-6B3F-4641-8064-F51B8CF08891}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.hsd1.nj.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Name:    google.com
Addresses:  2607:f8b0:4006:803::1009
 173.194.43.2
 173.194.43.8
 173.194.43.1
 173.194.43.5
 173.194.43.9
 173.194.43.14
 173.194.43.3
 173.194.43.4
 173.194.43.0
 173.194.43.6
 173.194.43.7
 
 
Pinging google.com [74.125.226.226] with 32 bytes of data:
Reply from 74.125.226.226: bytes=32 time=23ms TTL=54
Reply from 74.125.226.226: bytes=32 time=23ms TTL=54
 
Ping statistics for 74.125.226.226:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
DNS request timed out.
    timeout was 2 seconds.
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=89ms TTL=49
Reply from 98.138.253.109: bytes=32 time=67ms TTL=49
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 67ms, Maximum = 89ms, Average = 78ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=29ms TTL=128
Reply from 127.0.0.1: bytes=32 time=12ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 29ms, Average = 20ms
===========================================================================
Interface List
 23...9c b7 0d 8e 1e 1a ......Microsoft Virtual WiFi Miniport Adapter
 21...00 26 37 bd 39 42 ......PdaNet Broadband Adapter
 18...74 de 2b 79 96 74 ......Bluetooth Device (Personal Area Network)
 14...9c b7 0d 8e 1e 1a ......Broadcom WLAN Adapter
 13...e8 40 f2 0d 29 14 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.149     20
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.149    276
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    281
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    281
    192.168.1.149  255.255.255.255         On-link     192.168.1.149    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.149    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.149    276
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.149    276
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    276 fe80::/64                On-link
 14    281 fe80::/64                On-link
 13    276 fe80::10b4:b338:6e1:8994/128
                                    On-link
 14    281 fe80::4ded:45c5:6a36:1f25/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/23/2013 08:02:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (03/23/2013 08:02:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (03/23/2013 08:02:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/23/2013 08:02:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (03/23/2013 08:06:13 PM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
 
 
Microsoft Office Sessions:
=========================
Error: (03/23/2013 08:02:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Len\Downloads\SoftonicDownloader_for_youtube-to-mp3-converter.exe
 
Error: (03/23/2013 08:02:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Len\Downloads\SoftonicDownloader_for_mp3gain.exe
 
Error: (03/23/2013 08:02:58 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Len\Downloads\esetsmartinstaller_enu (2).exe
 
Error: (03/23/2013 08:02:58 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Len\Downloads\esetsmartinstaller_enu (1).exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-11-13 11:11:04.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00167_009\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-13 10:50:37.158
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00167_009\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-13 10:39:08.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00167_009\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-13 10:16:26.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00167_009\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-13 10:11:10.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00167_009\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-13 10:03:54.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00167_009\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-12 21:03:44.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00167_009\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-12 12:05:31.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00167_009\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-12 11:55:26.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00167_009\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-12 11:45:21.935
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00167_009\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe AIR (Version: 3.7.0.1240)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Advanced SystemCare 6 (Version: 6.1)
AMD APP SDK Runtime (Version: 2.5.732.1)
AMD Catalyst Install Manager (Version: 3.0.842.0)
AMD Media Foundation Decoders (Version: 1.0.60914.1136)
AMD Steady Video Plug-In  (Version: 1.00.0000)
AMD VISION Engine Control Center (Version: 2011.0908.1355.23115)
Any Video Converter 3.5.8
Any Video Converter 5 5.0.4
AnyDVD (Version: 7.1.7.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 6 (Version: 6.0.0.92)
Audacity 2.0.2 (Version: 2.0.2)
Auslogics Disk Defrag (Version: 3.6)
avast! Free Antivirus (Version: 8.0.1483.0)
BlazePhoto 1.0
BlazePhoto 2.0.1
Blio (Version: 2.2.8188)
Bluetooth by hp (Version: 6.3.0.8200)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0908.1355.23115)
Catalyst Control Center InstallProxy (Version: 2011.0908.1355.23115)
Catalyst Control Center Localization All (Version: 2011.0908.1355.23115)
CCC Help Chinese Standard (Version: 2011.0908.1354.23115)
CCC Help Chinese Traditional (Version: 2011.0908.1354.23115)
CCC Help Czech (Version: 2011.0908.1354.23115)
CCC Help Danish (Version: 2011.0908.1354.23115)
CCC Help Dutch (Version: 2011.0908.1354.23115)
CCC Help English (Version: 2011.0908.1354.23115)
CCC Help Finnish (Version: 2011.0908.1354.23115)
CCC Help French (Version: 2011.0908.1354.23115)
CCC Help German (Version: 2011.0908.1354.23115)
CCC Help Greek (Version: 2011.0908.1354.23115)
CCC Help Hungarian (Version: 2011.0908.1354.23115)
CCC Help Italian (Version: 2011.0908.1354.23115)
CCC Help Japanese (Version: 2011.0908.1354.23115)
CCC Help Korean (Version: 2011.0908.1354.23115)
CCC Help Norwegian (Version: 2011.0908.1354.23115)
CCC Help Polish (Version: 2011.0908.1354.23115)
CCC Help Portuguese (Version: 2011.0908.1354.23115)
CCC Help Russian (Version: 2011.0908.1354.23115)
CCC Help Spanish (Version: 2011.0908.1354.23115)
CCC Help Swedish (Version: 2011.0908.1354.23115)
CCC Help Thai (Version: 2011.0908.1354.23115)
CCC Help Turkish (Version: 2011.0908.1354.23115)
ccc-utility64 (Version: 2011.0908.1355.23115)
CCleaner (Version: 3.28)
CloneDVD2 (Version: 2.9.3.0)
Content Transfer (Version: 1.3.0.23190)
ConvertHelper 2.2
Corel KPT Collection (Version: 1.0.0.46)
Corel KPT Collection (Version: 1.00.0000)
Corel PaintShop Pro Brush Content (Version: 1.0.0.39)
Corel PaintShop Pro Brush Content (Version: 1.00.0000)
Corel PaintShop Pro Misc Content (Version: 1.0.0.42)
Corel PaintShop Pro Misc Content (Version: 1.0.0.43)
Corel PaintShop Pro Misc Content (Version: 1.0.0.44)
Corel PaintShop Pro Misc Content (Version: 1.0.0.45)
Corel PaintShop Pro Misc Content (Version: 1.00.0000)
Corel PaintShop Pro Picture Frame Content (Version: 1.0.0.41)
Corel PaintShop Pro Picture Frame Content (Version: 1.00.0000)
Corel PaintShop Pro Picture Tube Content (Version: 1.0.0.40)
Corel PaintShop Pro Picture Tube Content (Version: 1.00.0000)
Corel PaintShop Pro X5 (Version: 15.0.0.183)
Corel PaintShop Pro X5 (Version: 15.1.0.10)
Cradle of Rome 2 (Version: 2.2.0.98)
CyberLink PhotoDirector 3 (Version: 3.0.3618)
D3DX10 (Version: 15.4.2368.0902)
DefaultTab (Version: 2.1.7.0)
Defraggler (Version: 2.13)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DownloadTerms (Version: 1.0)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EasyChange Powered by TrueSwitch
EasySolve
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
Facebook (Version: 1.1.0004)
FFmpeg v0.6.2 for Audacity
FileHippo.com Update Checker
Final Drive Fury (Version: 2.2.0.95)
Free Audio CD to MP3 Converter version 1.3.12.1228 (Version: 1.3.12.1228)
Free Audio Converter version 5.0.21.1212 (Version: 5.0.21.1212)
Free MP4 Video Converter version 5.0.19.1015 (Version: 5.0.19.1015)
Free Video to DVD Converter version 5.0.21.1212 (Version: 5.0.21.1212)
Free YouTube Download version 3.1.37.918 (Version: 3.1.37.918)
Free YouTube to MP3 Converter version 3.12.0.128 (Version: 3.12.0.128)
FreeRIP 4.1 (Version: 4.1)
FrostWire 5.3.8 (Version: 5.3.8.0)
GIMP 2.6.10 (Version: 2.6.10)
Google Chrome (Version: 25.0.1364.172)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
High-Definition Video Playback (Version: 11.1.10400.2.65)
HiJackThis (Version: 1.0.0)
Hoyle Card Games (Version: 2.2.0.95)
HP Application Assistant (Version: 1.0.393.3870)
HP Auto (Version: 1.0.12935.3667)
HP Calendar (Version: 5.1.4245.23508)
HP Client Services (Version: 1.1.12938.3539)
HP Clock (Version: 5.1.4244.16367)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Games (Version: 1.0.2.5)
HP LinkUp (Version: 2.01.029)
HP Magic Canvas (Version: 5.1.15.0)
HP Magic Canvas Tutorials (Version: 5.0.0.3)
HP MovieStore (Version: 2.1.091)
HP MovieStore (Version: 2.1.21091.0)
HP Notes (Version: 5.1.4274.30382)
HP Odometer (Version: 2.10.0000)
HP RSS (Version: 5.1.4301.21494)
HP Setup (Version: 9.0.15130.3904)
HP Setup Manager (Version: 1.2.15145.3905)
HP Support Assistant (Version: 6.1.12.1)
HP Support Information (Version: 11.00.0001)
HP TouchSmart RecipeBox (Version: 3.0.3830.27730)
HP Update (Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.12.1.0)
HP Weather (Version: 5.1.4295.16450)
ICA (Version: 15.0.0.183)
ieSpell (Version: 2.6.4 (build 573))
Internet Explorer Toolbar 4.7 by SweetPacks (Version: 4.7.0008)
IObit Apps Toolbar v6.9 (Version: 6.9)
IObit Malware Fighter (Version: 1.0)
IPM_PSP_COM (Version: 15.0.0.183)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iSkysoft DVD Creator(Build 1.5.1.6)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 39 (Version: 6.0.390)
Junk Mail filter update (Version: 16.4.3505.0912)
JustCloud  (Version: )
Kobo (Version: 2.0.3)
LabelPrint (Version: 2.5.4507)
Letters from Nowhere 2 (Version: 2.2.0.97)
Logitech SetPoint 6.51 (Version: 6.51.8)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Metric Converter (Version: 1.0.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (Version: 4.0)
Microsoft Money Plus (Version: 17)
Microsoft Money Shared Libraries (Version: 17.0.0.3817)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MotoCast (Version: 2.0.31)
Motorola Device Manager (Version: 2.3.4)
Motorola Device Software Update (Version: 12.10.3002)
MOTOROLA MEDIA LINK (Version: 1.9.0002.0)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 19.0 (x86 en-US) (Version: 19.0)
Mozilla Maintenance Service (Version: 19.0)
Mp3tag v2.54 (Version: v2.54)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 11 (Version: 11.0.15800)
Nero 11 Cliparts (Version: 11.0.11200.12.0)
Nero 11 Disc Menus 1 (Version: 11.0.11200.12.0)
Nero 11 Disc Menus 2 (Version: 11.0.11200.12.0)
Nero 11 Disc Menus 3 (Version: 11.0.11200.12.0)
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0)
Nero 11 Effects Basic (Version: 11.0.11200.12.0)
Nero 11 Image Samples (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 1 (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 2 (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 3 (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 4 (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0)
Nero 11 PiP Effects 1 (Version: 11.0.11200.12.0)
Nero 11 PiP Effects Basic (Version: 11.0.11300.12.0)
Nero 11 Video Samples (Version: 11.0.11200.12.0)
Nero 11 Video Transitions 1 (Version: 11.0.11200.12.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 11 (Version: 6.0.16000.13.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10200)
Nero Backup Drivers (Version: 1.0.10000.1.0)
Nero Burning ROM 11 (Version: 11.0.12200.23.100)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero ControlCenter 11 (Version: 11.0.12300.0.23)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 11 (Version: 11.0.15000.1.12)
Nero CoverDesigner 11 (Version: 6.0.10800.11.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero Express 11 (Version: 11.0.11700.23.100)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero Kwik Media (Version: 1.10.19300.93.100)
Nero Kwik Media Help (CHM) (Version: 11.0.10200)
Nero Recode 11 (Version: 5.0.13300.32.100)
Nero Recode 11 Help (CHM) (Version: 11.0.10300)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SoundTrax 11 (Version: 5.0.10400.4.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.10623.22.0)
Nero Video 11 (Version: 8.0.14000.21.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero WaveEditor 11 (Version: 6.0.10800.5.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20008)
NewBlue Titler EX for Corel VSX5 (Version: 1.0)
Nikon Message Center 2 (Version: 2.0.1)
NWZ-E350 WALKMAN Guide (Version: 2.1.0.17210)
opensource (Version: 1.0.14960.3876)
OverDrive Media Console (Version: 3.2.20)
OVT Scanner X86 (Version: 1.00.0000)
OVTScanner_X64 (Version: 1.00.0000)
PdaNet for Android 3.50
PDF Complete Special Edition (Version: 4.0.65)
Perfect Uninstaller v6.3.3.9
Photo Gallery (Version: 16.4.3505.0912)
Picasa 3 (Version: 3.9)
Picture Control Utility (Version: 1.2.2)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Polar Golfer (Version: 2.2.0.98)
Power2Go (Version: 6.1.5706)
PressReader (Version: 5.11.0721.0)
PSPPContent (Version: 15.1.0.9)
PSPPHelp (Version: 15.0.0.183)
PSPPro64 (Version: 15.0.0.183)
Quicken 2013 (Version: 22.1.11.31)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.6387)
Recovery Manager (Version: 5.5.0.4424)
Recuva (Version: 1.45)
Remote Graphics Receiver (Version: 5.4.5)
Search Protect by conduit (Version: 1.4.1.12)
Setup (Version: 15.0.0.183)
Skype Click to Call (Version: 6.6.11664)
Smart Defrag 2 (Version: 2.7)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.6)
Sophos Virus Removal Tool (Version: 2.3)
Speccy (Version: 1.20)
Spybot - Search & Destroy (Version: 1.6.2)
Spybot - Search & Destroy (Version: 2.0.12)
SpywareBlaster 5.0 (Version: 5.0.0)
SUPERAntiSpyware (Version: 5.6.1012)
TimeCalendar 1.6.7 (Version: 1.6.7)
Total Recorder 8.4 Standard Edition
TotalAudioConverter
Trustworthy Toolbar (Version: 6.11.2.6)
TSHostedAppLauncher (Version: 5.1.15.0)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.1881)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0419)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0178)
TurboTax 2012 wnjiper (Version: 012.000.1331)
TurboTax 2012 wpaiper (Version: 012.000.1269)
TurboTax 2012 wrapper (Version: 012.000.0127)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
Updater By SweetPacks 2.0.0.566 (Version: 2.0.0.566)
ViewNX 2 (Version: 2.1.2)
VirtualDJ Home FREE (Version: 7.3)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
welcome (Version: 11.0.21500.0.4)
WildTangent Games App (HP Games) (Version: 4.0.5.32)
Winamp (Version: 5.7 Beta)
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
WinZip 15.5 (Version: 15.5.9580)
WinZip 16.0 (Version: 16.0.9715)
YTD Video Downloader 3.9.6 (Version: 3.9.6)
Zinio Reader 4 (Version: 4.2.4164)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 42%
Total physical RAM: 7666.85 MB
Available physical RAM: 4376.04 MB
Total Pagefile: 15331.88 MB
Available Pagefile: 10700.27 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.83 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:914.58 GB) (Free:636.21 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:16.84 GB) (Free:2.07 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\LEN1945
 
Administrator            Guest                    Len                      
 
 
**** End of log ****


#14 djlen

Posted 23 March 2013 - 07:56 PM

ADW Cleaner File:

# AdwCleaner v2.115 - Logfile created 03/23/2013 at 20:44:16
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Len - LEN1945
# Boot Mode : Normal
# Running from : C:\Users\Len\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : CltMngSvc
 
***** [Files / Folders] *****
 
File Deleted : C:\END
File Deleted : C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Trustworthy
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Folder Deleted : C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\Len\AppData\Local\Temp\CT2998365
Folder Deleted : C:\Users\Len\AppData\LocalLow\Trustworthy
Folder Deleted : C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP
Folder Deleted : C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\ff98cwiv.default-1351434906144\CT2998365
Folder Deleted : C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\ff98cwiv.default-1351434906144\extensions\{ad32743c-16ef-46ec-977b-dce0c3c85b20}
Folder Deleted : C:\Users\Len\AppData\Roaming\SearchProtect
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Trustworthy
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\GreenTree Applications
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD32743C-16EF-46EC-977B-DCE0C3C85B20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD32743C-16EF-46EC-977B-DCE0C3C85B20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\534d9dde538ba42
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\GreenTree Applications
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FF7D5016-8AB5-446B-BADC-1B2C069E3841}
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Trustworthy
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD32743C-16EF-46EC-977B-DCE0C3C85B20}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FF7D5016-8AB5-446B-BADC-1B2C069E3841}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AD02FD-1B5D-46FE-AE08-6528912328D9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D01D7CF1-C48F-4D77-A4C8-FD56DE5F85EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD32743C-16EF-46EC-977B-DCE0C3C85B20}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Trustworthy Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{AD32743C-16EF-46EC-977B-DCE0C3C85B20}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{AD32743C-16EF-46EC-977B-DCE0C3C85B20}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{AD32743C-16EF-46EC-977B-DCE0C3C85B20}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AD32743C-16EF-46EC-977B-DCE0C3C85B20}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16521
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v19.0 (en-US)
 
File : C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\ff98cwiv.default-1351434906144\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.5117] : urls_to_restore_on_startup = [ "hxxp://www.philly.com/", "hxxp://web.mail.comcast.net/zimbra/[...]
 
*************************
 
AdwCleaner[S1].txt - [7742 octets] - [23/03/2013 20:44:16]
 
########## EOF - C:\AdwCleaner[S1].txt - [7802 octets] ##########


#15 djlen

Posted 23 March 2013 - 08:18 PM

I believe we got it.   Can you confirm?





