
False positive using aswMBR?


12 replies to this topic

#1 4on4off

4on4off

  • Members
  • 402 posts

Posted 05 September 2012 - 06:26 PM

Hello,

Just wanted to get an opinion from someone else on this.

Had some things that continually popped up and would be grabbed by MSE only to show up again at a later date. This seemed to happen after an update for Adobe named "Install_Flash_Player_AIH.exe" was installed.

After several scans with TDSSkiller, MWB, ESET, and SAS it seems that all is clear. All but TDSSkiller found something.

I then ran aswMBR and this entry popped up:

13:28:21.425 File: C:\Users\Christine\AppData\Local\Eastman Kodak Company\Adobe\akfvy.dll **INFECTED** Win32:Trojan-gen

I am thinking this is a false positive as she uses a Kodak printer but just wanted a second opinion in the event this is something new running around. I have searched but found nothing that would suggest that it is anything to worry about.

Thank you.

4


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 05 September 2012 - 07:09 PM

It is not a false positive. PC is infected.

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

#3 4on4off


Posted 05 September 2012 - 07:16 PM

Ok,

When I ran ESET before it found 8 items. I did not save the log I just removed them.

When I ran Malwarebytes before it found one item and removed it during a quick scan. I then ran a full scan and it found 1 item again and removed it. I ran another full scan and it came up clean.

I will run the scans again and post the logs when they are finished.

Thank you.

4

#4 narenxp


Posted 05 September 2012 - 07:22 PM

:thumbup2:

#5 4on4off


Posted 06 September 2012 - 07:20 AM

Sorry for the delay, I forgot to plug the laptop in before I left and had to start over.

The ESET scan came up empty once again.

The Malwarebytes came up empty as well on the first run, here is the log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.06.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Christine :: CHRISTINE-PC [administrator]

9/6/2012 2:55:43 AM
mbam-log-2012-09-06 (02-55-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 365276
Time elapsed: 59 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 narenxp


Posted 06 September 2012 - 07:24 AM

Any current issues?

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this

Download

adware cleaner

Launch it, click on Delete

Post the generated log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes, post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#7 4on4off


Posted 06 September 2012 - 07:59 AM

Not really noticing anything as bad as far as running.

Here is the minitoolbox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Christine (administrator) on 06-09-2012 at 05:30:37
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Christine-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-21-6B-10-B4-4A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8ff:f0fd:c945:42aa%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.146(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 05, 2012 7:33:35 PM
Lease Expires . . . . . . . . . . : Wednesday, September 12, 2012 6:13:34 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 301998443
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-2A-67-3D-00-23-8B-78-CE-49
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Physical Address. . . . . . . . . : 00-23-8B-78-CE-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C30D4AFC-C980-4E95-BE67-ED267D42A84D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.wa.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1cf3:1d6:3f57:fd6d(Preferred)
Link-local IPv6 Address . . . . . : fe80::1cf3:1d6:3f57:fd6d%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 2607:f8b0:400a:801::1005
173.194.33.38
173.194.33.37
173.194.33.39
173.194.33.35
173.194.33.32
173.194.33.34
173.194.33.33
173.194.33.41
173.194.33.46
173.194.33.36
173.194.33.40



Pinging google.com [173.194.33.34] with 32 bytes of data:

Reply from 173.194.33.34: bytes=32 time=14ms TTL=56

Reply from 173.194.33.34: bytes=32 time=14ms TTL=56



Ping statistics for 173.194.33.34:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 14ms, Average = 14ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=137ms TTL=49

Reply from 98.138.253.109: bytes=32 time=91ms TTL=49



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 91ms, Maximum = 137ms, Average = 114ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 21 6b 10 b4 4a ...... Intel® WiFi Link 5100 AGN
10 ...00 23 8b 78 ce 49 ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{C30D4AFC-C980-4E95-BE67-ED267D42A84D}
14 ...00 00 00 00 00 00 00 e0 isatap.hsd1.wa.comcast.net.
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.146 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.146 281
192.168.2.146 255.255.255.255 On-link 192.168.2.146 281
192.168.2.255 255.255.255.255 On-link 192.168.2.146 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.146 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.146 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 18 ::/0 On-link
1 306 ::1/128 On-link
12 18 2001::/32 On-link
12 266 2001:0:9d38:953c:1cf3:1d6:3f57:fd6d/128
On-link
11 281 fe80::/64 On-link
12 266 fe80::/64 On-link
11 281 fe80::8ff:f0fd:c945:42aa/128
On-link
12 266 fe80::1cf3:1d6:3f57:fd6d/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/05/2012 07:34:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/05/2012 07:34:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/05/2012 07:34:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/05/2012 07:30:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/05/2012 07:30:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2012 05:19:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/05/2012 05:19:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/05/2012 05:19:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/05/2012 05:18:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/05/2012 05:12:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/05/2012 07:30:48 PM) (Source: Service Control Manager) (User: )
Description: lxdvCATSCustConnectService%%1053

Error: (09/05/2012 07:30:48 PM) (Source: Service Control Manager) (User: )
Description: 30000lxdvCATSCustConnectService

Error: (09/05/2012 07:29:12 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:55:42 PM on 9/5/2012 was unexpected.

Error: (09/05/2012 05:12:06 PM) (Source: Service Control Manager) (User: )
Description: lxdvCATSCustConnectService%%1053

Error: (09/05/2012 05:12:06 PM) (Source: Service Control Manager) (User: )
Description: 30000lxdvCATSCustConnectService

Error: (09/05/2012 10:22:24 AM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceMicrosoft Antimalware Service%%1056

Error: (09/05/2012 10:22:09 AM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service1150001Restart the service

Error: (09/05/2012 10:20:03 AM) (Source: Service Control Manager) (User: )
Description: lxdvCATSCustConnectService%%1053

Error: (09/05/2012 10:20:03 AM) (Source: Service Control Manager) (User: )
Description: 30000lxdvCATSCustConnectService

Error: (09/05/2012 09:15:13 AM) (Source: Service Control Manager) (User: )
Description: ctxusbm
MpFilter
SASDIFSV
SASKUTIL
spldr
Wanarpv6


Microsoft Office Sessions:
=========================
Error: (01/27/2012 05:18:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 243 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

CCleaner (Version: 3.20)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.73.00.52)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Kodak AIO Printer (Version: 7.5.0.0)
Lexmark X5400 Series
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Move Media Player
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
SUPERAntiSpyware (Version: 5.5.1012)
Synaptics Pointing Device Driver (Version: 11.1.4.0)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3995.93 MB
Available physical RAM: 2035.33 MB
Total Pagefile: 8195.15 MB
Available Pagefile: 6327.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.65 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:142.54 GB) (Free:61.06 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:139 GB) (Free:138.9 GB) NTFS
3 Drive e: () (Removable) (Total:3.73 GB) (Free:0.44 GB) FAT32

========================= Users: ========================================

User accounts for \\CHRISTINE-PC

Administrator Christine Guest


**** End of log ****


Here is the FSS log:

Farbar Service Scanner Version: 06-08-2012
Ran by Christine (administrator) on 06-09-2012 at 05:34:44
Running from "C:\Users\Christine\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

**** End of log ****

Here is the adware cleaner log:

# AdwCleaner v2.000 - Logfile created 09/06/2012 at 05:38:39
# Updated 30/08/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Christine - CHRISTINE-PC
# Boot Mode : Normal
# Running from : C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGC7V07K\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\Free Offers from Freeze.com
Deleted on reboot : C:\Program Files (x86)\Linkury
Deleted on reboot : C:\Program Files (x86)\vShare
Deleted on reboot : C:\Program Files (x86)\Yontoo Layers Runtime
Deleted on reboot : C:\ProgramData\Linkury
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\ProgramData\WeCareReminder
Deleted on reboot : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Deleted on reboot : C:\Users\Christine\AppData\Local\Linkury
Deleted on reboot : C:\Users\Christine\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Christine\AppData\LocalLow\FunWebProducts
Deleted on reboot : C:\Users\Christine\AppData\LocalLow\MyWebSearch
Deleted on reboot : C:\Users\Christine\AppData\LocalLow\vShare

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\SmartbarBackup
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8970 octets] - [06/09/2012 05:38:39]

########## EOF - C:\AdwCleaner[S1].txt - [9030 octets] ##########


Here is the rkill log:

Rkill 2.3.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/06/2012 05:42:48 AM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\CHRIST~1\AppData\Local\Temp\RtkBtMnt.exe (PID: 4024) [SUP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\Christine\AppData\Local\{8b0fae4a-19a3-fae5-2593-c19dd00619c3}\ [ZA Dir]
* C:\Users\Christine\AppData\Local\{8b0fae4a-19a3-fae5-2593-c19dd00619c3}\@ [ZA File]
* C:\Users\Christine\AppData\Local\{8b0fae4a-19a3-fae5-2593-c19dd00619c3}\L\ [ZA Dir]
* C:\Users\Christine\AppData\Local\{8b0fae4a-19a3-fae5-2593-c19dd00619c3}\U\ [ZA Dir]

Checking Windows Service Integrity:

* WinDefend [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/06/2012 05:43:06 AM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)


Here is the autoruns log: not sure I did this one right.
+ "CyberLink AudAna Filter" "CLAudAna" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdaudana.dll"
+ "CyberLink Audio Commercial Cut Analyzer" "CLAudCM" "Cyberlink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\claudcm.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\clml\claud.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\claud61.ax"
+ "CyberLink Audio Decoder (PCM45)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\claud.ax"
+ "CyberLink Audio Decoder (PLAYMV)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\playmovie\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PCM45)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\claudfx.ax"
+ "CyberLink Audio Effect (PLAYMV)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\acer arcade deluxe\playmovie\audiofilter\claudfx.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\clml\claursmpl.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdaursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\claudspa.ax"
+ "CyberLink Audio Spectrum Analyzer (HomeNetwork)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\claudspa.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdaudiocd.ax"
+ "CyberLink AudioCD Filter (PCM45)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\claudiocd.ax"
+ "Cyberlink Byte Counter Filter" "Cyberlink Byte Counter Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdirector\pdbytecounter.ax"
+ "CyberLink DDR" "CyberLink DDR" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdrender.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\clml\cldemuxer.ax"
+ "CyberLink Demultiplexer (PCM45)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\cldemuxer.ax"
+ "CyberLink Demultiplexer(Scramble)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\cldemuxer.ax"
+ "CyberLink Double Pin Tee" "Cyberlink Double Tee Filter" "CtberLink Corporation" "c:\program files (x86)\cyberlink\powerdirector\pddoubletee.ax"
+ "CyberLink DV Buffer" "CLDVBuffer Filter" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pddvbuffer.ax"
+ "CyberLink DV Dump Filter" "DV dump Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdirector\pddvdump.ax"
+ "CyberLink DV Filter" "DVTCR" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pddvtcr.ax"
+ "CyberLink DV Reader Filter" "DVMultReader Filter" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pddvmrd.ax"
+ "Cyberlink DV Scene Detect Filter" "CLDVScnDt" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pddvscndt.ax"
+ "CyberLink DVD Navigator (PCM45)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\clnavx.ax"
+ "CyberLink DVD Navigator (PLAYMV)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\playmovie\navfilter\clnavx.ax"
+ "CyberLink Editing Service 4.0 (Source)" "CES Kernel (LT15)" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\cledtkrn.dll"
+ "Cyberlink Gate Filter" "CLGate" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdgate.ax"
+ "CyberLink HDV Source Filter" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdhdvsrc.ax"
+ "CyberLink Line21 Decoder (PLAYMV)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\playmovie\videofilter\clline21.ax"
+ "CyberLink Line21 Decoder Filter (PCM45)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\clline21.ax"
+ "CyberLink Load Image Filter" "CLImage (LT15)" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\clsplter.ax"
+ "CyberLink MPEG Splitter(Scramble)" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clsplter.ax"
+ "CyberLink MPEGV Analyzer" "CLMPEGAnalysis" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdh264frameparser.ax"
+ "CyberLink Push-Mode CLStream" "CLStream" "CyberLink" "c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clstream(pushmode).ax"
+ "CyberLink Push-Mode CLStream (cURL)" "CLStream" "CyberLink" "c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clstream(multilib).ax"
+ "CyberLink SAC Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clvsd.ax"
+ "Cyberlink Scene Detect Filter" "CLScnDt" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdscndt.ax"
+ "CyberLink Scene Detect Filter 2" "CLScnDt2" "訊連科技" "c:\program files (x86)\cyberlink\powerdirector\pdscndt2.dll"
+ "CyberLink Scene Detect Filter 2" "CLScnDt2" "訊連科技" "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\clml\clscndt2.dll"
+ "CyberLink SnapShot Filter" "CLSnapShot Filter" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdsnapshot.ax"
+ "CyberLink Stamp Effect" "" "CyberLink corporate" "c:\program files (x86)\cyberlink\powerdirector\pdstampeffect.ax"
+ "Cyberlink Streamming Filter" "Cyberlink Streaming Source Filter(Scramble)" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clstream.ax"
+ "Cyberlink Sub-Picture Filter" "Cyberlink Sub-Picture Filter" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdsubpic.ax"
+ "Cyberlink SubTitle (PMV)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\playmovie\videofilter\clsubtitle.ax"
+ "Cyberlink SubTitle Importor (PCM45)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\clauts.ax"
+ "CyberLink TimeStretch Filter (PLAYMV)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\playmovie\audiofilter\clauts.ax"
+ "CyberLink TimeStretch Filter(HomeNetwork)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\clml\cltlmsplter.ax"
+ "CyberLink Transform Tee" "CyberLink Transform Tee" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdtee.ax"
+ "CyberLink Tzan Filter (PLAYMV)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\playmovie\videofilter\cltzan.ax"
+ "CyberLink VAudAna Filter" "CLVAudAna" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdvaudana.dll"
+ "CyberLink VidAna Filter" "CLVidAna" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdvidana.dll"
+ "CyberLink Video Effect (PCM45)" "CLVidFx" "CyberLink" "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\clvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\clml\clrgl.ax"
+ "Cyberlink Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdresample.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\clml\clvsd.ax"
+ "CyberLink Video/SP Decoder (PCM45)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\clvsd.ax"
+ "CyberLink Video/SP Decoder (PLAYMV)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\acer arcade deluxe\playmovie\videofilter\clvsd.ax"
+ "CyberLink WMV/WMA Demultiplexer" "WMV/WMA Demux" "CyberLink" "c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clwmfdemux.ax"
+ "CyberLink YUY2 DeInterlace" "DitlYuY2" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdditlyuy2.ax"
+ "CyberLink YUY2 Sub-Sampling" "SubYUY2 Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdsubyuy2.ax"
+ "Frame Drop Filter" "TODO: <File description>" "TODO: <Company name>" "c:\program files (x86)\cyberlink\powerdirector\pdframedrop.ax"
+ "IDM Filter" "idmf" "Cyberlink" "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\clml\idmf.ax"
+ "IDM Filter" "idmf" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdidmf.ax"
+ "IDM Filter" "idmf" "Cyberlink" "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\video\idmf.ax"
+ "PDR Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdaud.ax"
+ "PDR Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdirector\pdaudfx.ax"
+ "PDR Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdaudenc.ax"
+ "PDR Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\claunrwrapper.ax"
+ "PDR Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pddemuxer.ax"
+ "PDR Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pddumpdispatch.ax"
+ "PDR Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pddump.ax"
+ "PDR DVSD Modifier" "Cyberlink DVSD Modifier" "Cyberlink Corp." "c:\program files (x86)\cyberlink\powerdirector\dvsdmodifier.ax"
+ "PDR File Reader (Async)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdreader.ax"
+ "PDR H.264/AVC Decoder" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pd264dec.ax"
+ "PDR M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdm2vwriter.ax"
+ "PDR MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdmpgmux.ax"
+ "PDR MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\powerdirector\pdvidenc.ax"
+ "PDR MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdm1splter.ax"
+ "PDR MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdm2splter.ax"
+ "PDR MPEG-4 Muxer" "PDR MPEG-4 Muxer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdm4muxer.ax"
+ "PDR MPEG-4 Splitter" "PDR MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdm4splt.ax"
+ "PDR MPEG1/2 Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdvsd.ax"
+ "PDR SnapShotTIP Filter" "CLSShot" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdsshot.ax"
+ "PDR TimeStretch Filter(CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\clauts.ax"
+ "PDR TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdtlmsplter.ax"
+ "PDR TS Information" "CLTSInfo" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdtsinfo.ax"
+ "PDR Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\clvidfx.ax"
+ "PDR Video Regulator" "Video Regulator" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\clrgl.ax"
+ "PDR Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\clvideostabilizer.ax"
+ "PDR WAV Dest" "CLWavDest" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdwavdest.ax"
+ "QTSrc" "QuickTime Source Filter" "CyberLink Corp" "c:\program files (x86)\cyberlink\shared files\clqtsrc.ax"
+ "QTWriter" "CLQTFileWriter" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdqtfilewriter.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "RMWriter" "CLRMFileWriter" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdrmfilewriter.ax"
+ "SlideShow" "" "" "c:\program files (x86)\newtech infosystems\nti media maker 8\photo maker\slideshow.ax"
+ "Time Regulator" "TimeRegulator" "cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdavi_audtr.ax"
+ "WAV Dest" "" "" "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\clml\wavdest.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\Windows\System32\acer.scr" "" "" "c:\windows\system32\acer.scr"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Fax Lexmark X5400 Series Port" "" "" "c:\windows\system32\lxdvpmon.dll"
+ "KODAK All-in-One Printer" "" "" "File not found: EKAiO2MON.dll"
+ "X5400 Series Port" "Printer Communication System" " " "c:\windows\system32\lxdvlmpm.dll"
"C:\Users\Christine\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Calendar" "Browse the days of the calendar." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\gadgets\Calendar.Gadget\en-US\Gadget.xml"
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.Gadget\en-US\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\gadgets\SlideShow.gadget\en-US\Gadget.xml"


Looks like RKill detected ZeroAccess rootkit activity! Glad I asked for an opinion, didn't think about running it before.

Heading out to work, will be back after 7 tonight.

4

#8 narenxp


Posted 06 September 2012 - 08:04 AM

Press the Windows+R keys and type

notepad and click OK

Copy this script
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

Click on FILE - SAVE AS

Filename: fix.reg
Save as: All files

Launch the FIX.REG

Click YES when you receive a prompt

Open your C drive

On top, click on Organize - Folder and search options

Click on the View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\Christine\AppData\Local\{8b0fae4a-19a3-fae5-2593-c19dd00619c3}

delete the folder

Run RKILL again and post the new log
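The hex(2) line in the fix.reg above can be decoded before the file is imported, so the reader sees exactly which value it writes. The following Python parser is an added example, not part of the original post; `CONSTRUCTED_REG` and the "outside system32" review rule are assumptions made here for illustration.

```python
import re

# fix.reg text from the post above, embedded verbatim so the example runs offline.
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
"""

# Constructed sample (not from the thread): a COM server path in a user profile.
CONSTRUCTED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}\InProcServer32]
@="C:\\Users\\example\\AppData\\Local\\example\\module.dll"
"""

HEX_TYPES = {"hex": "REG_BINARY", "hex(2)": "REG_EXPAND_SZ", "hex(7)": "REG_MULTI_SZ"}


def decode_value(raw):
    """Turn the right-hand side of a .reg assignment into (type, value)."""
    raw = raw.strip()
    if raw == "-":  # "name"=- deletes the value
        return "DELETE", None
    if raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: backslash and quote are backslash-escaped in .reg files
        return "REG_SZ", re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.lower().startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.match(r"(hex(?:\([0-9a-f]+\))?):(.*)$", raw, re.I)
    if m is None:
        raise ValueError(f"unsupported value syntax: {raw!r}")
    kind = HEX_TYPES.get(m.group(1).lower(), m.group(1).lower())
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if kind == "REG_EXPAND_SZ":  # version 5.00 files store strings as UTF-16LE
        return kind, data.decode("utf-16-le").rstrip("\x00")
    if kind == "REG_MULTI_SZ":
        return kind, [s for s in data.decode("utf-16-le").split("\x00") if s]
    return kind, data


def parse_reg(text):
    """Return a list of (key, value name, type, decoded value) tuples."""
    entries, key = [], None
    # A trailing backslash continues a hex value on the next line.
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    for line in (l.strip() for l in joined.splitlines()):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):  # [-KEY] deletes the whole key
                entries.append((key[1:], None, "DELETE_KEY", None))
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$', line)
        if m is None or key is None:
            raise ValueError(f"unparsed line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        entries.append((key, name) + decode_value(m.group(2)))
    return entries


def inproc_server_findings(entries):
    """List InProcServer32 defaults that load a DLL from outside system32 (review rule)."""
    trusted = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")
    return [(key, value) for key, name, kind, value in entries
            if key.lower().endswith("\\inprocserver32") and name == "(Default)"
            and isinstance(value, str) and not value.lower().startswith(trusted)]


if __name__ == "__main__":
    for entry in parse_reg(FIX_REG):
        print(entry)
    print("needs review:", inproc_server_findings(parse_reg(CONSTRUCTED_REG)))
```
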

#9 4on4off


Posted 06 September 2012 - 09:37 PM

OK, deleted the designated folder and here is the new RKill log:

Rkill 2.3.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/06/2012 07:34:20 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\CHRIST~1\AppData\Local\Temp\RtkBtMnt.exe (PID: 3912) [SUP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* WinDefend [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/06/2012 07:34:31 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

#10 narenxp


Posted 06 September 2012 - 09:39 PM

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your Flash Player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

Edited by narenxp, 06 September 2012 - 09:42 PM.


#11 narenxp


Posted 06 September 2012 - 09:48 PM

Forgot this one, you're missing a registry key

Download

windefend

Launch it, click YES

good luck

#12 4on4off


Posted 06 September 2012 - 10:14 PM

All steps have been completed and I thank you for your assistance.

I find it amazing that all the scans I ran and all the items I removed but yet it was merely a surface cleaning and further tools were needed to get to the root of it.

I noticed after all this was completed there are two "desktop.ini" icons that are grayed out on the desktop and they are dated as modified in 2009.

Ok to delete these?

#13 narenxp


Posted 06 September 2012 - 10:21 PM

Open your C drive

On top, click on Organize - Folder and search options

Click on the View tab and scroll down

Check mark Don't show hidden files
Check mark Hide operating system files


Click OK

Edited by narenxp, 06 September 2012 - 10:21 PM.
