win 32 malware -gen


11 replies to this topic

#1 dockami

dockami

  • Members
  • 60 posts

Posted 27 August 2012 - 02:22 PM

Hi, I am new on the forum. Recently I ran a boot scan with Avast and it detected a high-level Win32 Malware-gen virus which could not be deleted, and I had to leave it as such to allow me to boot the computer. I usually browse online and my laptop has been relatively free (or so I think) of viruses till now!!! Can you please help me!!!

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of any malware logs. ~ Animal


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 27 August 2012 - 02:47 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop and copy the contents of the text file in your reply.

#3 dockami

dockami
  • Topic Starter

  • Members
  • 60 posts

Posted 28 August 2012 - 11:31 AM

19:25:55.0747 3668 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:25:57.0204 3668 ============================================================
19:25:57.0204 3668 Current date / time: 2012/08/28 19:25:57.0204
19:25:57.0204 3668 SystemInfo:
19:25:57.0204 3668
19:25:57.0204 3668 OS Version: 6.1.7601 ServicePack: 1.0
19:25:57.0204 3668 Product type: Workstation
19:25:57.0204 3668 ComputerName: KAMI-PC
19:25:57.0205 3668 UserName: kami
19:25:57.0205 3668 Windows directory: C:\Windows
19:25:57.0205 3668 System windows directory: C:\Windows
19:25:57.0205 3668 Running under WOW64
19:25:57.0205 3668 Processor architecture: Intel x64
19:25:57.0205 3668 Number of processors: 2
19:25:57.0205 3668 Page size: 0x1000
19:25:57.0205 3668 Boot type: Normal boot
19:25:57.0205 3668 ============================================================
19:25:58.0769 3668 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:25:58.0799 3668 ============================================================
19:25:58.0799 3668 \Device\Harddisk0\DR0:
19:25:58.0799 3668 MBR partitions:
19:25:58.0799 3668 Initialize success
19:25:58.0799 3668 ============================================================
19:26:03.0681 0492 ============================================================
19:26:03.0681 0492 Scan started
19:26:03.0681 0492 Mode: Manual; TDLFS;
19:26:03.0681 0492 ============================================================
19:26:04.0101 0492 ================ Scan system memory ========================
19:26:04.0101 0492 System memory - ok
19:26:04.0101 0492 ================ Scan services =============================
19:26:04.0201 0492 1394ohci - ok
19:26:04.0221 0492 Accelerometer - ok
19:26:04.0231 0492 ACPI - ok
19:26:04.0231 0492 AcpiPmi - ok
19:26:04.0261 0492 AdobeARMservice - ok
19:26:04.0271 0492 adp94xx - ok
19:26:04.0291 0492 adpahci - ok
19:26:04.0301 0492 adpu320 - ok
19:26:04.0301 0492 AeLookupSvc - ok
19:26:04.0321 0492 AESTFilters - ok
19:26:04.0331 0492 AFD - ok
19:26:04.0351 0492 agp440 - ok
19:26:04.0361 0492 ALG - ok
19:26:04.0361 0492 aliide - ok
19:26:04.0371 0492 AMD External Events Utility - ok
19:26:04.0391 0492 AMD FUEL Service - ok
19:26:04.0401 0492 amdide - ok
19:26:04.0401 0492 amdiox64 - ok
19:26:04.0411 0492 AmdK8 - ok
19:26:04.0421 0492 amdkmdag - ok
19:26:04.0431 0492 amdkmdap - ok
19:26:04.0441 0492 AmdPPM - ok
19:26:04.0451 0492 amdsata - ok
19:26:04.0461 0492 amdsbs - ok
19:26:04.0461 0492 amdxata - ok
19:26:04.0481 0492 AODDriver4.01 - ok
19:26:04.0491 0492 AppID - ok
19:26:04.0501 0492 AppIDSvc - ok
19:26:04.0521 0492 Appinfo - ok
19:26:04.0531 0492 arc - ok
19:26:04.0531 0492 arcsas - ok
19:26:04.0551 0492 aswFsBlk - ok
19:26:04.0591 0492 aswMonFlt - ok
19:26:04.0631 0492 aswRdr - ok
19:26:04.0631 0492 aswSnx - ok
19:26:04.0641 0492 aswSP - ok
19:26:04.0651 0492 aswTdi - ok
19:26:04.0691 0492 AsyncMac - ok
19:26:04.0701 0492 atapi - ok
19:26:04.0701 0492 athr - ok
19:26:04.0711 0492 AtiHdmiService - ok
19:26:04.0741 0492 AtiPcie - ok
19:26:04.0761 0492 AudioEndpointBuilder - ok
19:26:04.0771 0492 AudioSrv - ok
19:26:04.0771 0492 avast! Antivirus - ok
19:26:04.0791 0492 AxInstSV - ok
19:26:04.0791 0492 b06bdrv - ok
19:26:04.0801 0492 b57nd60a - ok
19:26:04.0821 0492 BBSvc - ok
19:26:04.0841 0492 BBUpdate - ok
19:26:04.0851 0492 BDESVC - ok
19:26:04.0861 0492 Beep - ok
19:26:04.0881 0492 BFE - ok
19:26:04.0891 0492 BingDesktopUpdate - ok
19:26:04.0911 0492 BITCOMET_HELPER_SERVICE - ok
19:26:04.0911 0492 BITS - ok
19:26:04.0921 0492 blbdrive - ok
19:26:04.0931 0492 bowser - ok
19:26:04.0931 0492 BrFiltLo - ok
19:26:04.0941 0492 BrFiltUp - ok
19:26:04.0951 0492 Browser - ok
19:26:04.0951 0492 Brserid - ok
19:26:04.0961 0492 BrSerWdm - ok
19:26:04.0961 0492 BrUsbMdm - ok
19:26:04.0971 0492 BrUsbSer - ok
19:26:05.0001 0492 BthEnum - ok
19:26:05.0001 0492 BTHMODEM - ok
19:26:05.0021 0492 BthPan - ok
19:26:05.0041 0492 BTHPORT - ok
19:26:05.0051 0492 bthserv - ok
19:26:05.0061 0492 BTHUSB - ok
19:26:05.0071 0492 cdfs - ok
19:26:05.0081 0492 cdrom - ok
19:26:05.0101 0492 CertPropSvc - ok
19:26:05.0111 0492 circlass - ok
19:26:05.0111 0492 CLFS - ok
19:26:05.0121 0492 clr_optimization_v2.0.50727_32 - ok
19:26:05.0131 0492 clr_optimization_v2.0.50727_64 - ok
19:26:05.0141 0492 clr_optimization_v4.0.30319_32 - ok
19:26:05.0141 0492 clr_optimization_v4.0.30319_64 - ok
19:26:05.0151 0492 CmBatt - ok
19:26:05.0161 0492 cmdide - ok
19:26:05.0161 0492 CNG - ok
19:26:05.0181 0492 Compbatt - ok
19:26:05.0181 0492 CompositeBus - ok
19:26:05.0201 0492 COMSysApp - ok
19:26:05.0201 0492 crcdisk - ok
19:26:05.0221 0492 CryptSvc - ok
19:26:05.0241 0492 ctxusbm - ok
19:26:05.0251 0492 DcomLaunch - ok
19:26:05.0251 0492 defragsvc - ok
19:26:05.0261 0492 DfsC - ok
19:26:05.0261 0492 Dhcp - ok
19:26:05.0271 0492 discache - ok
19:26:05.0281 0492 Disk - ok
19:26:05.0291 0492 Dnscache - ok
19:26:05.0301 0492 dot3svc - ok
19:26:05.0311 0492 DPS - ok
19:26:05.0311 0492 drmkaud - ok
19:26:05.0321 0492 DVMIO - ok
19:26:05.0331 0492 DvmMDES - ok
19:26:05.0331 0492 DXGKrnl - ok
19:26:05.0341 0492 EapHost - ok
19:26:05.0341 0492 ebdrv - ok
19:26:05.0351 0492 EFS - ok
19:26:05.0361 0492 ehRecvr - ok
19:26:05.0361 0492 ehSched - ok
19:26:05.0371 0492 elxstor - ok
19:26:05.0371 0492 ErrDev - ok
19:26:05.0381 0492 EventSystem - ok
19:26:05.0401 0492 exfat - ok
19:26:05.0411 0492 fastfat - ok
19:26:05.0411 0492 Fax - ok
19:26:05.0421 0492 fdc - ok
19:26:05.0421 0492 fdPHost - ok
19:26:05.0431 0492 FDResPub - ok
19:26:05.0441 0492 FileInfo - ok
19:26:05.0441 0492 Filetrace - ok
19:26:05.0451 0492 flpydisk - ok
19:26:05.0461 0492 FltMgr - ok
19:26:05.0471 0492 FontCache - ok
19:26:05.0471 0492 FontCache3.0.0.0 - ok
19:26:05.0501 0492 Freemake Improver - ok
19:26:05.0521 0492 FreemakeVideoCapture - ok
19:26:05.0531 0492 FsDepends - ok
19:26:05.0551 0492 fssfltr - ok
19:26:05.0571 0492 fsssvc - ok
19:26:05.0581 0492 Fs_Rec - ok
19:26:05.0601 0492 fvevol - ok
19:26:05.0611 0492 gagp30kx - ok
19:26:05.0621 0492 gpsvc - ok
19:26:05.0668 0492 gupdate - ok
19:26:05.0683 0492 gupdatem - ok
19:26:05.0693 0492 hcw85cir - ok
19:26:05.0693 0492 HdAudAddService - ok
19:26:05.0703 0492 HDAudBus - ok
19:26:05.0713 0492 HidBatt - ok
19:26:05.0713 0492 HidBth - ok
19:26:05.0723 0492 HidIr - ok
19:26:05.0733 0492 hidserv - ok
19:26:05.0733 0492 HidUsb - ok
19:26:05.0743 0492 hkmsvc - ok
19:26:05.0753 0492 HomeGroupListener - ok
19:26:05.0753 0492 HomeGroupProvider - ok
19:26:05.0783 0492 HP Support Assistant Service - ok
19:26:05.0803 0492 HP Wireless Assistant Service - ok
19:26:05.0823 0492 HPDrvMntSvc.exe - ok
19:26:05.0833 0492 hpdskflt - ok
19:26:05.0833 0492 hpqwmiex - ok
19:26:05.0843 0492 HpSAMD - ok
19:26:05.0853 0492 hpsrv - ok
19:26:05.0853 0492 HPWMISVC - ok
19:26:05.0893 0492 hshld - ok
19:26:05.0933 0492 HssDRV6 - ok
19:26:05.0933 0492 HssSrv - ok
19:26:05.0943 0492 HssTrayService - ok
19:26:05.0963 0492 HssWd - ok
19:26:05.0983 0492 HTTP - ok
19:26:05.0993 0492 hwdatacard - ok
19:26:06.0003 0492 hwpolicy - ok
19:26:06.0013 0492 hwusbdev - ok
19:26:06.0033 0492 i8042prt - ok
19:26:06.0043 0492 iaStorV - ok
19:26:06.0053 0492 idsvc - ok
19:26:06.0063 0492 igfx - ok
19:26:06.0063 0492 iirsp - ok
19:26:06.0073 0492 IKEEXT - ok
19:26:06.0083 0492 intelide - ok
19:26:06.0083 0492 intelppm - ok
19:26:06.0093 0492 IPBusEnum - ok
19:26:06.0103 0492 IpFilterDriver - ok
19:26:06.0103 0492 iphlpsvc - ok
19:26:06.0113 0492 IPMIDRV - ok
19:26:06.0113 0492 IPNAT - ok
19:26:06.0123 0492 IRENUM - ok
19:26:06.0133 0492 isapnp - ok
19:26:06.0133 0492 iScsiPrt - ok
19:26:06.0143 0492 kbdclass - ok
19:26:06.0143 0492 kbdhid - ok
19:26:06.0153 0492 KeyIso - ok
19:26:06.0163 0492 KSecDD - ok
19:26:06.0163 0492 KSecPkg - ok
19:26:06.0173 0492 ksthunk - ok
19:26:06.0173 0492 KtmRm - ok
19:26:06.0183 0492 LanmanServer - ok
19:26:06.0183 0492 LanmanWorkstation - ok
19:26:06.0203 0492 LightScribeService - ok
19:26:06.0213 0492 lltdio - ok
19:26:06.0213 0492 lltdsvc - ok
19:26:06.0223 0492 lmhosts - ok
19:26:06.0253 0492 LSI_FC - ok
19:26:06.0253 0492 LSI_SAS - ok
19:26:06.0263 0492 LSI_SAS2 - ok
19:26:06.0273 0492 LSI_SCSI - ok
19:26:06.0283 0492 luafv - ok
19:26:06.0323 0492 MBAMProtector - ok
19:26:06.0333 0492 MBAMService - ok
19:26:06.0333 0492 Mcx2Svc - ok
19:26:06.0343 0492 megasas - ok
19:26:06.0353 0492 MegaSR - ok
19:26:06.0353 0492 MMCSS - ok
19:26:06.0363 0492 Modem - ok
19:26:06.0373 0492 monitor - ok
19:26:06.0393 0492 mouclass - ok
19:26:06.0403 0492 mouhid - ok
19:26:06.0413 0492 mountmgr - ok
19:26:06.0423 0492 mpio - ok
19:26:06.0433 0492 mpsdrv - ok
19:26:06.0443 0492 MpsSvc - ok
19:26:06.0443 0492 MRxDAV - ok
19:26:06.0453 0492 mrxsmb - ok
19:26:06.0463 0492 mrxsmb10 - ok
19:26:06.0463 0492 mrxsmb20 - ok
19:26:06.0473 0492 msahci - ok
19:26:06.0473 0492 msdsm - ok
19:26:06.0483 0492 MSDTC - ok
19:26:06.0493 0492 Msfs - ok
19:26:06.0503 0492 mshidkmdf - ok
19:26:06.0503 0492 msisadrv - ok
19:26:06.0513 0492 MSiSCSI - ok
19:26:06.0523 0492 msiserver - ok
19:26:06.0533 0492 MSKSSRV - ok
19:26:06.0543 0492 MSPCLOCK - ok
19:26:06.0543 0492 MSPQM - ok
19:26:06.0553 0492 MsRPC - ok
19:26:06.0563 0492 mssmbios - ok
19:26:06.0573 0492 MSTEE - ok
19:26:06.0583 0492 MTConfig - ok
19:26:06.0583 0492 Mup - ok
19:26:06.0593 0492 napagent - ok
19:26:06.0603 0492 NativeWifiP - ok
19:26:06.0603 0492 NDIS - ok
19:26:06.0613 0492 NdisCap - ok
19:26:06.0613 0492 NdisTapi - ok
19:26:06.0623 0492 Ndisuio - ok
19:26:06.0633 0492 NdisWan - ok
19:26:06.0643 0492 NDProxy - ok
19:26:06.0653 0492 NetBIOS - ok
19:26:06.0663 0492 NetBT - ok
19:26:06.0663 0492 Netlogon - ok
19:26:06.0683 0492 Netman - ok
19:26:06.0693 0492 netprofm - ok
19:26:06.0703 0492 netr28ux - ok
19:26:06.0703 0492 NetTcpPortSharing - ok
19:26:06.0713 0492 netw5v64 - ok
19:26:06.0713 0492 nfrd960 - ok
19:26:06.0723 0492 NlaSvc - ok
19:26:06.0743 0492 npf - ok
19:26:06.0753 0492 Npfs - ok
19:26:06.0763 0492 nsi - ok
19:26:06.0763 0492 nsiproxy - ok
19:26:06.0773 0492 Ntfs - ok
19:26:06.0783 0492 Null - ok
19:26:06.0783 0492 nvraid - ok
19:26:06.0793 0492 nvstor - ok
19:26:06.0813 0492 nv_agp - ok
19:26:06.0813 0492 odserv - ok
19:26:06.0823 0492 ohci1394 - ok
19:26:06.0833 0492 ose - ok
19:26:06.0833 0492 p2pimsvc - ok
19:26:06.0843 0492 p2psvc - ok
19:26:06.0853 0492 Parport - ok
19:26:06.0853 0492 partmgr - ok
19:26:06.0863 0492 PcaSvc - ok
19:26:06.0863 0492 pci - ok
19:26:06.0873 0492 pciide - ok
19:26:06.0883 0492 pcmcia - ok
19:26:06.0883 0492 pcw - ok
19:26:06.0893 0492 PEAUTH - ok
19:26:06.0903 0492 PerfHost - ok
19:26:06.0913 0492 pla - ok
19:26:06.0963 0492 PlugPlay - ok
19:26:06.0973 0492 PNRPAutoReg - ok
19:26:06.0983 0492 PNRPsvc - ok
19:26:06.0993 0492 PolicyAgent - ok
19:26:07.0003 0492 Power - ok
19:26:07.0013 0492 PptpMiniport - ok
19:26:07.0023 0492 Processor - ok
19:26:07.0033 0492 ProfSvc - ok
19:26:07.0033 0492 ProtectedStorage - ok
19:26:07.0043 0492 Psched - ok
19:26:07.0053 0492 ql2300 - ok
19:26:07.0053 0492 ql40xx - ok
19:26:07.0063 0492 QWAVE - ok
19:26:07.0073 0492 QWAVEdrv - ok
19:26:07.0073 0492 RasAcd - ok
19:26:07.0083 0492 RasAgileVpn - ok
19:26:07.0083 0492 RasAuto - ok
19:26:07.0093 0492 Rasl2tp - ok
19:26:07.0103 0492 RasMan - ok
19:26:07.0103 0492 RasPppoe - ok
19:26:07.0113 0492 RasSstp - ok
19:26:07.0113 0492 rdbss - ok
19:26:07.0123 0492 rdpbus - ok
19:26:07.0133 0492 RDPCDD - ok
19:26:07.0143 0492 RDPENCDD - ok
19:26:07.0153 0492 RDPREFMP - ok
19:26:07.0153 0492 RDPWD - ok
19:26:07.0163 0492 rdyboost - ok
19:26:07.0173 0492 RemoteAccess - ok
19:26:07.0183 0492 RemoteRegistry - ok
19:26:07.0193 0492 RFCOMM - ok
19:26:07.0203 0492 RpcEptMapper - ok
19:26:07.0213 0492 RpcLocator - ok
19:26:07.0213 0492 RpcSs - ok
19:26:07.0223 0492 rspndr - ok
19:26:07.0233 0492 RSUSBSTOR - ok
19:26:07.0253 0492 RTL8167 - ok
19:26:07.0263 0492 SamSs - ok
19:26:07.0263 0492 sbp2port - ok
19:26:07.0273 0492 SCardSvr - ok
19:26:07.0283 0492 scfilter - ok
19:26:07.0293 0492 Schedule - ok
19:26:07.0293 0492 SCPolicySvc - ok
19:26:07.0313 0492 sdbus - ok
19:26:07.0313 0492 SDRSVC - ok
19:26:07.0333 0492 secdrv - ok
19:26:07.0333 0492 seclogon - ok
19:26:07.0343 0492 SENS - ok
19:26:07.0353 0492 SensrSvc - ok
19:26:07.0353 0492 Serenum - ok
19:26:07.0363 0492 Serial - ok
19:26:07.0373 0492 sermouse - ok
19:26:07.0383 0492 SessionEnv - ok
19:26:07.0393 0492 sffdisk - ok
19:26:07.0393 0492 sffp_mmc - ok
19:26:07.0403 0492 sffp_sd - ok
19:26:07.0403 0492 sfloppy - ok
19:26:07.0423 0492 SharedAccess - ok
19:26:07.0423 0492 ShellHWDetection - ok
19:26:07.0433 0492 SiSRaid2 - ok
19:26:07.0443 0492 SiSRaid4 - ok
19:26:07.0463 0492 SkypeUpdate - ok
19:26:07.0473 0492 Smb - ok
19:26:07.0493 0492 SNMPTRAP - ok
19:26:07.0503 0492 spldr - ok
19:26:07.0503 0492 Spooler - ok
19:26:07.0513 0492 sppsvc - ok
19:26:07.0523 0492 sppuinotify - ok
19:26:07.0523 0492 srv - ok
19:26:07.0533 0492 srv2 - ok
19:26:07.0573 0492 SrvHsfHDA - ok
19:26:07.0583 0492 SrvHsfV92 - ok
19:26:07.0593 0492 SrvHsfWinac - ok
19:26:07.0603 0492 srvnet - ok
19:26:07.0643 0492 SSDPSRV - ok
19:26:07.0643 0492 SstpSvc - ok
19:26:07.0653 0492 STacSV - ok
19:26:07.0653 0492 stexstor - ok
19:26:07.0693 0492 STHDA - ok
19:26:07.0713 0492 stisvc - ok
19:26:07.0723 0492 swenum - ok
19:26:07.0733 0492 swprv - ok
19:26:07.0743 0492 SynTP - ok
19:26:07.0743 0492 SysMain - ok
19:26:07.0753 0492 TabletInputService - ok
19:26:07.0763 0492 taphss - ok
19:26:07.0773 0492 TapiSrv - ok
19:26:07.0783 0492 TBS - ok
19:26:07.0783 0492 Tcpip - ok
19:26:07.0793 0492 TCPIP6 - ok
19:26:07.0803 0492 tcpipreg - ok
19:26:07.0813 0492 TDPIPE - ok
19:26:07.0823 0492 TDTCP - ok
19:26:07.0823 0492 tdx - ok
19:26:07.0833 0492 TermDD - ok
19:26:07.0833 0492 TermService - ok
19:26:07.0843 0492 Themes - ok
19:26:07.0843 0492 THREADORDER - ok
19:26:07.0853 0492 TrkWks - ok
19:26:07.0853 0492 TrustedInstaller - ok
19:26:07.0863 0492 tssecsrv - ok
19:26:07.0883 0492 TsUsbFlt - ok
19:26:07.0893 0492 TuneUp.UtilitiesSvc - ok
19:26:07.0903 0492 TuneUpUtilitiesDrv - ok
19:26:07.0923 0492 tunnel - ok
19:26:07.0923 0492 uagp35 - ok
19:26:07.0933 0492 udfs - ok
19:26:07.0953 0492 UDisk Monitor - ok
19:26:07.0973 0492 UI0Detect - ok
19:26:07.0973 0492 uliagpkx - ok
19:26:07.0983 0492 umbus - ok
19:26:07.0993 0492 UmPass - ok
19:26:08.0003 0492 upnphost - ok
19:26:08.0003 0492 usbccgp - ok
19:26:08.0013 0492 usbcir - ok
19:26:08.0013 0492 usbehci - ok
19:26:08.0033 0492 usbfilter - ok
19:26:08.0033 0492 usbhub - ok
19:26:08.0043 0492 usbohci - ok
19:26:08.0053 0492 usbprint - ok
19:26:08.0053 0492 usbscan - ok
19:26:08.0063 0492 USBSTOR - ok
19:26:08.0073 0492 usbuhci - ok
19:26:08.0083 0492 usbvideo - ok
19:26:08.0093 0492 UxSms - ok
19:26:08.0123 0492 UxTuneUp - ok
19:26:08.0133 0492 VaultSvc - ok
19:26:08.0133 0492 vdrvroot - ok
19:26:08.0193 0492 vds - ok
19:26:08.0203 0492 vga - ok
19:26:08.0203 0492 VgaSave - ok
19:26:08.0213 0492 vhdmp - ok
19:26:08.0213 0492 viaide - ok
19:26:08.0223 0492 volmgr - ok
19:26:08.0233 0492 volmgrx - ok
19:26:08.0233 0492 volsnap - ok
19:26:08.0243 0492 vsmraid - ok
19:26:08.0243 0492 VSS - ok
19:26:08.0253 0492 vwifibus - ok
19:26:08.0263 0492 vwififlt - ok
19:26:08.0273 0492 vwifimp - ok
19:26:08.0283 0492 W32Time - ok
19:26:08.0293 0492 WacomPen - ok
19:26:08.0313 0492 WANARP - ok
19:26:08.0313 0492 Wanarpv6 - ok
19:26:08.0323 0492 WatAdminSvc - ok
19:26:08.0333 0492 wbengine - ok
19:26:08.0333 0492 WbioSrvc - ok
19:26:08.0343 0492 wcncsvc - ok
19:26:08.0353 0492 WcsPlugInService - ok
19:26:08.0353 0492 Wd - ok
19:26:08.0373 0492 Wdf01000 - ok
19:26:08.0373 0492 WdiServiceHost - ok
19:26:08.0383 0492 WdiSystemHost - ok
19:26:08.0383 0492 WebClient - ok
19:26:08.0393 0492 Wecsvc - ok
19:26:08.0403 0492 wercplsupport - ok
19:26:08.0413 0492 WerSvc - ok
19:26:08.0413 0492 WfpLwf - ok
19:26:08.0423 0492 WIMMount - ok
19:26:08.0433 0492 WinDefend - ok
19:26:08.0433 0492 WinHttpAutoProxySvc - ok
19:26:08.0453 0492 Winmgmt - ok
19:26:08.0453 0492 WinRM - ok
19:26:08.0463 0492 Wlansvc - ok
19:26:08.0483 0492 wlcrasvc - ok
19:26:08.0493 0492 wlidsvc - ok
19:26:08.0503 0492 WmiAcpi - ok
19:26:08.0503 0492 wmiApSrv - ok
19:26:08.0513 0492 WMPNetworkSvc - ok
19:26:08.0523 0492 WPCSvc - ok
19:26:08.0533 0492 WPDBusEnum - ok
19:26:08.0533 0492 ws2ifsl - ok
19:26:08.0543 0492 wscsvc - ok
19:26:08.0543 0492 WSearch - ok
19:26:08.0553 0492 wuauserv - ok
19:26:08.0563 0492 WudfPf - ok
19:26:08.0583 0492 WUDFRd - ok
19:26:08.0593 0492 wudfsvc - ok
19:26:08.0603 0492 WwanSvc - ok
19:26:08.0603 0492 yukonw7 - ok
19:26:08.0613 0492 ztemtusbser - ok
19:26:08.0663 0492 ================ Scan global ===============================
19:26:08.0673 0492 [Global] - ok
19:26:08.0673 0492 ================ Scan MBR ==================================
19:26:08.0693 0492 [ 7CD43A74EEA9D4F30E997E26486B0019 ] \Device\Harddisk0\DR0
19:26:09.0173 0492 \Device\Harddisk0\DR0 - ok
19:26:09.0173 0492 ================ Scan VBR ==================================
19:26:09.0173 0492 ============================================================
19:26:09.0173 0492 Scan finished
19:26:09.0173 0492 ============================================================
19:26:09.0203 2568 Detected object count: 0
19:26:09.0203 2568 Actual detected object count: 0

This is the TDSS reply.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-28 19:19:26
-----------------------------
19:19:26.164 OS Version: Windows x64 6.1.7601 Service Pack 1
19:19:26.164 Number of processors: 2 586 0x603
19:19:26.174 ComputerName: KAMI-PC UserName: kami
19:19:27.230 Initialize success
19:19:30.224 AVAST engine defs: 12082801
19:19:46.596 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:19:46.596 Disk 0 Vendor: ST9500325AS 0005HPM1 Size: 476940MB BusType: 11
19:19:46.676 Disk 0 MBR read successfully
19:19:46.676 Disk 0 MBR scan
19:19:46.676 Disk 0 unknown MBR code
19:19:46.686 Disk 0 Partition 1 80 (A) 42 SFS NTFS 199 MB offset 2048
19:19:46.696 Disk 0 Partition 2 00 42 SFS NTFS 231966 MB offset 409600
19:19:46.726 Disk 0 Partition 3 00 42 SFS NTFS 22022 MB offset 931459072
19:19:46.746 Disk 0 Partition 4 00 42 SFS MSDOS5.0 103 MB offset 976560128
19:19:46.766 Disk 0 scanning C:\Windows\system32\drivers
19:19:46.766 Service scanning
19:20:11.104 Modules scanning
19:20:11.153 Disk 0 trace - called modules:
19:20:11.220 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:20:11.232 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046a0790]
19:20:11.243 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80046a0040]
19:20:11.257 5 hpdskflt.sys[fffff8800199b189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800462f060]
19:20:12.173 AVAST engine scan C:\Windows
19:20:12.178 AVAST engine scan C:\Windows\system32
19:20:12.183 AVAST engine scan C:\Windows\system32\drivers
19:20:12.192 AVAST engine scan C:\Users\kami
19:20:12.197 AVAST engine scan C:\ProgramData
19:20:12.202 Scan finished successfully
19:20:22.849 Disk 0 MBR has been saved successfully to "C:\Users\kami\Downloads\MBR.dat"
19:20:22.859 The log file has been saved successfully to "C:\Users\kami\Downloads\aswMBR.txt"


This is the aswMBR log.
I WILL POST THE ESET NOD log once the scan finishes; it's taking too long!!!!

#4 dockami

dockami
  • Topic Starter

  • Members
  • 60 posts

Posted 28 August 2012 - 01:39 PM

C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
G:\PRIVATE AND FAMILY\my softwares\BestVideoDownloaderSetup.exe probably a variant of Win32/Adware.EHJCQJF application cleaned by deleting - quarantined
G:\PRIVATE AND FAMILY\my softwares\cnet2_WDM_R268_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
G:\PRIVATE AND FAMILY\my softwares\NEW OFFICE 2007\Outlook.WW\OlkWW.cab a variant of Win32/Kryptik.AGJL trojan deleted - quarantined
This is the ESET log of deleted files. Hope I did everything right.

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 August 2012 - 02:01 PM

Download Malwarebytes Anti-Malware (MBAM):

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download MiniToolBox.

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download FSS.

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download Adware cleaner.

Launch it and click on Delete.

Post the generated log.

#6 dockami

dockami
  • Topic Starter

  • Members
  • 60 posts

Posted 29 August 2012 - 06:20 AM

I had earlier downloaded MBAM and it had detected three viruses, which it had deleted!!! This was the log that it generated at that time.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kami :: KAMI-PC [administrator]

Protection: Enabled

8/27/2012 6:23:12 PM
mbam-log-2012-08-27 (18-23-12).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 490089
Time elapsed: 1 hour(s), 35 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
G:\PRIVATE AND FAMILY\my softwares\Adobe.Photoshop.CS6.v13.0.Pre.Release.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
G:\PRIVATE AND FAMILY\my softwares\keygen&crack for adobe 10\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
G:\PRIVATE AND FAMILY\my softwares\tune up utilities 2011\TuneUp Utilities 2011 Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)

Then I rescanned and it gave this log.


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kami :: KAMI-PC [administrator]

Protection: Enabled

8/28/2012 10:46:20 AM
mbam-log-2012-08-28 (10-46-20).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 489914
Time elapsed: 1 hour(s), 14 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

So when I ran the programme this time it didn't show any infections and generated this log.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kami :: KAMI-PC [administrator]

Protection: Enabled

8/29/2012 10:43:27 AM
mbam-log-2012-08-29 (10-43-27).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 491340
Time elapsed: 1 hour(s), 28 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
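The ESET export in post #4 and the three Malwarebytes logs above report each detection as one free-text line, so the facts a helper needs (where the object lived, what it was called, what was done with it) have to be picked out by eye. The Python script below is an added example, not part of this thread and not ESET's or Malwarebytes' tooling: it parses both line shapes with regular expressions, ranks each hit with a keyword heuristic of my own choosing (an assumption, not either vendor's severity scale), and tallies the findings by drive, which shows that six of the eight hits are files on the G: drive, one is on C:, and one is a registry Image File Execution Options key. The sample lines are copied from the logs posted above.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    scanner: str    # "eset" or "mbam"
    location: str   # file path or registry key
    detection: str  # detection name exactly as the scanner reported it
    action: str     # what the scanner did with the object


# ESET Online Scanner export line:
#   <path> [probably ]a variant of <family> application|trojan <action>
ESET_RE = re.compile(
    r"^(?P<loc>.+?) (?P<det>(?:probably )?a variant of \S+ (?:application|trojan)) (?P<act>.+)$"
)
# Malwarebytes Anti-Malware detection line:
#   <path or registry key> (<detection>) -> <action>.
MBAM_RE = re.compile(r"^(?P<loc>.+?) \((?P<det>[^()]+)\) -> (?P<act>.+?)\.?$")


def parse_eset(text: str) -> list[Finding]:
    return [Finding("eset", m["loc"], m["det"], m["act"])
            for m in (ESET_RE.match(line.strip()) for line in text.splitlines()) if m]


def parse_mbam(text: str) -> list[Finding]:
    # Lines such as "Files Detected: 3" or "(No malicious items detected)" do not match.
    return [Finding("mbam", m["loc"], m["det"], m["act"])
            for m in (MBAM_RE.match(line.strip()) for line in text.splitlines()) if m]


# Keyword heuristic chosen for this example (assumption; neither vendor ranks this way).
HIGH_KEYWORDS = ("trojan", "kryptik", "hijack")
MEDIUM_KEYWORDS = ("adware", "installcore", "pup", "riskware", "dont.steal")


def severity(f: Finding) -> str:
    name = f.detection.lower()
    if any(k in name for k in HIGH_KEYWORDS):
        return "high"
    if any(k in name for k in MEDIUM_KEYWORDS):
        return "medium"
    return "low"


def summarize(findings: list[Finding]) -> dict:
    drive_re = re.compile(r"^[A-Za-z]:\\")
    return {
        "total": len(findings),
        "by_severity": dict(Counter(severity(f) for f in findings)),
        "by_drive": dict(Counter(f.location[:2].upper()
                                 for f in findings if drive_re.match(f.location))),
        "registry": sum(1 for f in findings if f.location.upper().startswith("HK")),
    }


# Sample input copied from the ESET and Malwarebytes logs posted in this thread.
ESET_SAMPLE = r"""
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
G:\PRIVATE AND FAMILY\my softwares\BestVideoDownloaderSetup.exe probably a variant of Win32/Adware.EHJCQJF application cleaned by deleting - quarantined
G:\PRIVATE AND FAMILY\my softwares\cnet2_WDM_R268_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
G:\PRIVATE AND FAMILY\my softwares\NEW OFFICE 2007\Outlook.WW\OlkWW.cab a variant of Win32/Kryptik.AGJL trojan deleted - quarantined
"""

MBAM_SAMPLE = r"""
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.

Files Detected: 3
G:\PRIVATE AND FAMILY\my softwares\Adobe.Photoshop.CS6.v13.0.Pre.Release.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
G:\PRIVATE AND FAMILY\my softwares\keygen&crack for adobe 10\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
G:\PRIVATE AND FAMILY\my softwares\tune up utilities 2011\TuneUp Utilities 2011 Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
(end)
"""


def triage() -> dict:
    return summarize(parse_eset(ESET_SAMPLE) + parse_mbam(MBAM_SAMPLE))


if __name__ == "__main__":
    for f in parse_eset(ESET_SAMPLE) + parse_mbam(MBAM_SAMPLE):
        print(f"[{severity(f):6}] {f.scanner:4} {f.detection:40} {f.location}")
    print(triage())
```

The registry hit deserves the high rank it gets here: an Image File Execution Options entry for chrome.exe means something arranged for another program to be started whenever Chrome is launched, which is a persistence technique rather than a stray file, so a clean rescan of the files alone does not prove that it is gone.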

#7 dockami

dockami
  • Topic Starter

  • Members
  • 60 posts

Posted 29 August 2012 - 07:40 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by kami (administrator) on 29-08-2012 at 17:36:58
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com

========================= IP Configuration: ================================

Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection* 17" address=10.62.40.63 mask=255.255.248.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : kami-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter ZTE Wireless Terminal:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ZTE Wireless Terminal
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 119.154.78.234(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 119.159.255.36
203.99.163.240
NetBIOS over Tcpip. . . . . . . . : Disabled

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 2A-E4-00-D7-CF-76
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Anchorfree HSS Adapter
Physical Address. . . . . . . . . : 00-FF-70-C9-D4-7B
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 78-E4-00-D7-CF-76
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{260C67B7-BB14-4018-B948-F286552E63C2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{396FA8F7-4E84-4963-822B-50208591561D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6C4C2394-441B-4F9E-BFA6-A1358EEA6F75}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c2d:2932:8865:b115(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c2d:2932:8865:b115%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{70C9D47B-FF95-4EEE-851C-8BF64B152108}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:779a:4eea::779a:4eea(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 119.159.255.36
203.99.163.240
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: rwp-cns01.ptcl.net
Address: 119.159.255.36

Name: google.com
Addresses: 2a00:1450:4002:802::1006
173.194.35.40
173.194.35.41
173.194.35.46
173.194.35.32
173.194.35.33
173.194.35.34
173.194.35.35
173.194.35.36
173.194.35.37
173.194.35.38
173.194.35.39


Pinging google.com [173.194.35.38] with 32 bytes of data:
Reply from 173.194.35.38: bytes=32 time=189ms TTL=53
Reply from 173.194.35.38: bytes=32 time=191ms TTL=53

Ping statistics for 173.194.35.38:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 189ms, Maximum = 191ms, Average = 190ms
Server: rwp-cns01.ptcl.net
Address: 119.159.255.36

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=453ms TTL=41
Reply from 98.138.253.109: bytes=32 time=372ms TTL=42

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 372ms, Maximum = 453ms, Average = 412ms
Server: rwp-cns01.ptcl.net
Address: 119.159.255.36

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=14ms TTL=128
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 14ms, Average = 9ms
===========================================================================
Interface List
26...........................ZTE Wireless Terminal
18...2a e4 00 d7 cf 76 ......Microsoft Virtual WiFi Miniport Adapter
17...00 ff 70 c9 d4 7b ......Anchorfree HSS Adapter
12...78 e4 00 d7 cf 76 ......Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
1...........................Software Loopback Interface 1
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
42...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 On-link 119.154.78.234 41
119.154.78.234 255.255.255.255 On-link 119.154.78.234 296
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 119.154.78.234 41
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 119.154.78.234 296
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
19 1140 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:1c2d:2932:8865:b115/128
On-link
19 1040 2002::/16 On-link
19 296 2002:779a:4eea::779a:4eea/128
On-link
13 306 fe80::/64 On-link
13 306 fe80::1c2d:2932:8865:b115/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/29/2012 04:12:02 PM) (Source: Google Update) (User: kami-PC)kami-PC
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7

Error: (08/29/2012 04:11:51 PM) (Source: RasClient) (User: )
Description: CoId={D5F03BAB-C57C-4709-BE1F-5BA4659E4A7C}: The user kami-PC\kami dialed a connection named ZTE Wireless Terminal which has failed. The error code returned on failure is 633.

Error: (08/29/2012 03:22:18 PM) (Source: RasClient) (User: )
Description: CoId={E38D020A-8992-4EAE-80BD-34080C6FA493}: The user kami-PC\kami dialed a connection named ZTE Wireless Terminal which has failed. The error code returned on failure is 633.

Error: (08/28/2012 07:22:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/28/2012 07:20:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/28/2012 07:06:18 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/28/2012 07:06:18 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/28/2012 03:38:07 PM) (Source: Google Update) (User: kami-PC)kami-PC
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7

Error: (08/28/2012 03:23:29 PM) (Source: RasClient) (User: )
Description: CoId={5C667EE9-7AA1-448A-9AA9-7FB7FFDE3212}: The user kami-PC\kami dialed a connection named ZTE Wireless Terminal which has failed. The error code returned on failure is 618.

Error: (08/28/2012 10:50:23 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (08/29/2012 04:29:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (08/29/2012 10:21:19 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (08/28/2012 07:01:31 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (08/28/2012 04:45:25 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (08/28/2012 04:44:46 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:50:13 PM on 8/28/2012 was unexpected.

Error: (08/28/2012 00:50:48 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (08/28/2012 02:57:46 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (08/27/2012 11:22:10 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \...\DR1.

Error: (08/27/2012 11:00:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (08/27/2012 04:10:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player (Version: 11.5.1.601)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
AMD APP SDK Runtime (Version: 2.5.793.1)
AMD Catalyst Install Manager (Version: 3.0.851.0)
AMD Fuel (Version: 2011.1025.2231.38573)
AMD Media Foundation Decoders (Version: 1.0.61025.2207)
AMD USB Filter Driver (Version: 1.0.15.94)
AMD VISION Engine Control Center (Version: 2011.1025.2231.38573)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.0)
avast! Free Antivirus (Version: 7.0.1466.0)
Bing Bar (Version: 7.1.361.0)
Bing Desktop (Version: 1.0.45.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BitComet 1.30 (Version: 1.30)
Broadband (Version: 16.001.06.00.172)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.1025.2231.38573)
Catalyst Control Center InstallProxy (Version: 2010.0416.541.8279)
Catalyst Control Center InstallProxy (Version: 2011.1025.2231.38573)
Catalyst Control Center Localization All (Version: 2011.1025.2231.38573)
ccc-utility64 (Version: 2011.1025.2231.38573)
CCC Help English (Version: 2011.1025.2230.38573)
CCleaner (Version: 3.18)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Coupon Printer for Windows (Version: 5.0.0.0)
CyberLink DVD Suite (Version: 7.0.2527)
D3DX10 (Version: 15.4.2368.0902)
Driver Genius Professional Edition (Version: 11.0)
DVD Menu Pack for HP MediaSmart Video (Version: 4.0.3715)
EndNote X5 (Version: 15.0.0.5478)
ESET Online Scanner v3
ESU for Microsoft Windows 7 (Version: 1.0.0)
EVDO BROADBAND PTCL
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Freemake Video Downloader (Version: 3.0.1)
Google Chrome (Version: 20.0.1132.57)
Google Talk (remove only)
Google Talk Plugin (Version: 3.3.2.8436)
Google Update Helper (Version: 1.3.21.115)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
Hotspot Shield 2.65 (Version: 2.65)
HP 3D DriveGuard (Version: 4.0.3.1)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)
HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.50.231.0)
HP MediaSmart DVD (Version: 4.0.3822)
HP MediaSmart Movies and TV (Version: 1.0.0.10)
HP MediaSmart Music (Version: 4.0.3903)
HP MediaSmart Photo (Version: 4.0.3911)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (Version: 4.0.3911)
HP MediaSmart Webcam (Version: 4.0.2511)
HP Photo Creations (Version: 1.0.0.3781)
HP Power Plan Utility (Version: 1.0.6)
HP Quick Launch (Version: 1.0.18)
HP QuickWeb Installer (Version: 1.2.12.0)
HP Software Framework (Version: 3.5.17.1)
HP Support Assistant (Version: 6.1.12.1)
HP Tone Control (Version: 2.0.2)
HP Update (Version: 5.002.006.003)
HP User Guides 0193 (Version: 1.01.0001)
HP Wireless Assistant (Version: 4.0.4.2)
IDT Audio (Version: 1.0.6269.0)
Itibiti RTC (Version: 0.0.1)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 17 (64-bit) (Version: 6.0.170)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.2515)
LightScribe System Software (Version: 1.18.11.1)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Movie Theme Pack for HP MediaSmart Video (Version: 4.0.3715)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MpcStar 5.4 (Version: 5.4)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PhotoNow! (Version: 1.1.6904)
Power2Go (Version: 6.1.3715)
PowerDirector (Version: 8.0.2514)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.11.1127.2009)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30113)
Recovery Manager (Version: 5.5.2512)
ResearchSoft Direct Export Helper
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.156)
SPSS 16.0 (Version: 16.0.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Total Video Converter 3.71 100812
TuneUp Utilities 2011 (Version: 10.0.4500.46)
TuneUp Utilities Language Pack (en-US) (Version: 10.0.4500.46)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Disk Security
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
WinWrap Basic v9.1 (x86) Utility (Version: 1.0.0)
WOT for Internet Explorer (Version: 11.11.7.0)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 3834.9 MB
Available physical RAM: 2341.16 MB
Total Pagefile: 7668 MB
Available Pagefile: 5950.48 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.33 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:226.53 GB) (Free:138.91 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:21.51 GB) (Free:3.13 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive g: (My Disc) (Fixed) (Total:217.43 GB) (Free:111.21 GB) NTFS

========================= Users: ========================================

User accounts for \\KAMI-PC

Administrator Guest kami


**** End of log ****

MINI TOOL BOX LOG!!!!

Farbar Service Scanner Version: 06-08-2012
Ran by kami (administrator) on 29-08-2012 at 16:23:42
Running from "C:\Users\kami\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

FESS LOG REPORT

# AdwCleaner v1.801 - Logfile created 08/29/2012 at 16:27:00
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : kami - KAMI-PC
# Boot Mode : Normal
# Running from : C:\Users\kami\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\kami\AppData\Local\Linkury
Folder Deleted : C:\Users\kami\AppData\Local\Smartbar
Folder Deleted : C:\Users\kami\AppData\LocalLow\facemoods.com
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Linkury
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\facemoods.com
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
[x64] Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=make&f=2 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v10.0.2 (en-US)

Profile name : default
File : C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\ptezjclc.default\prefs.js

C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\ptezjclc.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6615 octets] - [29/08/2012 16:27:00]

########## EOF - C:\AdwCleaner[S1].txt - [6743 octets] ##########



AdwCleaner report!!! I hope I did it right.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:14 AM

Posted 29 August 2012 - 08:41 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here.

Any current issues?

#9 dockami

dockami
  • Topic Starter

  • Members
  • 60 posts
  • Local time:11:14 AM

Posted 29 August 2012 - 04:52 PM

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/30/2012 02:49:12 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (PID: 2228) [AU-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\kami\Desktop\rkill\rkill-08-30-2012-02-49-18.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/30/2012 02:49:32 AM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)



Thanks a lot. I don't have any significant issues at present; I just wanted to make sure that I didn't still have any bugs in my computer!!! Lastly, can I use these programs again to make sure that I am not infected? Because I think my brother's laptop is also infected; it's damn slow and gets stuck regularly!!!

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:14 AM

Posted 29 August 2012 - 04:53 PM

Yes you can

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.

Turn off your System Restore, restart the PC, then create a new restore point:

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Flash Player.

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#11 dockami

dockami
  • Topic Starter

  • Members
  • 60 posts
  • Local time:11:14 AM

Posted 30 August 2012 - 03:59 AM

Thanks a lot bro, I owe you one!!! :P :thumbsup:

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:14 AM

Posted 30 August 2012 - 05:36 AM

You're welcome :)
