
Think I have Google redirect virus.....


13 replies to this topic

#1 frankenmusic


Posted 16 September 2012 - 06:40 PM

When I use yahoo search, google, or bing, I get redirected when I click on links to other sites. Let's say I search for a movie title, and then click on wikipedia to read about the movie, I get redirected to things like "searchmany.com". I was getting redirected to something called "bts.scour.com". I've been avoiding the redirection by copy and pasting the link and going to sites that way. I appreciate any help. I've tried MBAM, AVG (paid version I bought 6 months ago), superantispyware, windows security essentials, and I think that is all. I tried watching tutorials, but I'm afraid to mess something up. Any info or help is much appreciated. I'm hoping to get rid of this completely. I promise to be patient with the process and won't expect miracles right away. Thank you so much for having this site!!!!

I have an ASUS touchscreen, core i3, Windows 7

Edited by frankenmusic, 16 September 2012 - 06:42 PM.



 


#2 narenxp


Posted 16 September 2012 - 06:43 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 frankenmusic


Posted 16 September 2012 - 07:40 PM

Wow. That was fast! Here is the TDSS LOG-

19:45:30.0972 6020 ============================================================
19:45:30.0972 6020 Scan finished
19:45:30.0972 6020 ============================================================
19:45:30.0981 5224 Detected object count: 0
19:45:30.0981 5224 Actual detected object count: 0

Here is the aswmbr log-



------------------------------------------------------------
Test started: 11.9.2012 18:31:29
Duration of test: 11 minute(s) 47 second(s)
------------------------------------------------------------
Objects scanned : 1263182
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

Here is the ESET log-


C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\kenny\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Users\kenny\AppData\Local\Temp\AccuInstall8628\InstallHelper.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\kenny\AppData\Local\Temp\AccuInstall9028\PageRageInstall.exe probably a variant of Win32/Adware.DMXPQVJ application cleaned by deleting - quarantined
C:\Users\kenny\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\kenny\Downloads\fTalkV3.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:27 AM

Posted 16 September 2012 - 07:50 PM

Run ASWMBR again and post the new log


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#5 frankenmusic

frankenmusic
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 16 September 2012 - 08:34 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-16 19:53:07
-----------------------------
19:53:07.461 OS Version: Windows x64 6.1.7601 Service Pack 1
19:53:07.461 Number of processors: 4 586 0x2A07
19:53:07.462 ComputerName: KENNY-PC UserName: kenny
19:53:10.613 Initialize success
19:53:51.148 AVAST engine defs: 12091400
19:54:00.481 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:54:00.484 Disk 0 Vendor: ST310005 JC45 Size: 953869MB BusType: 3
19:54:00.487 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000087
19:54:00.489 Disk 1 Vendor: Size: 953869MB BusType: 0
19:54:00.506 Disk 0 MBR read successfully
19:54:00.510 Disk 0 MBR scan
19:54:00.515 Disk 0 Windows 7 default MBR code
19:54:00.520 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 10240 MB offset 2048
19:54:00.557 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 943587 MB offset 20973568
19:54:00.604 Disk 0 Partition 3 00 EF EFI FAT 39 MB offset 1953441536
19:54:00.671 Disk 0 scanning C:\Windows\system32\drivers
19:54:13.359 Service scanning
19:54:33.790 Modules scanning
19:54:33.800 Disk 0 trace - called modules:
19:54:33.822 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:54:33.829 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006619060]
19:54:33.834 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800471d050]
19:54:38.883 AVAST engine scan C:\Windows
19:54:43.711 AVAST engine scan C:\Windows\system32
19:57:20.589 AVAST engine scan C:\Windows\system32\drivers
19:57:32.135 AVAST engine scan C:\Users\kenny
19:59:52.023 AVAST engine scan C:\ProgramData
20:00:49.969 Scan finished successfully
20:01:47.421 Disk 0 MBR has been saved successfully to "C:\Users\kenny\Documents\MBR.dat"
20:01:47.459 The log file has been saved successfully to "C:\Users\kenny\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-16 20:54:38
-----------------------------
20:54:38.406 OS Version: Windows x64 6.1.7601 Service Pack 1
20:54:38.406 Number of processors: 4 586 0x2A07
20:54:38.406 ComputerName: KENNY-PC UserName: kenny
20:54:42.774 Initialze error C000010E - driver not loaded
20:54:43.028 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
20:55:54.694 AVAST engine defs: 12091400
20:56:46.928 Service scanning
20:57:07.303 Modules scanning
20:57:07.308 Disk 0 trace - called modules:
20:57:07.311
20:57:10.137 AVAST engine scan C:\Windows
20:57:13.075 AVAST engine scan C:\Windows\system32
20:59:37.616 AVAST engine scan C:\Windows\system32\drivers
20:59:52.876 AVAST engine scan C:\Users\kenny
21:01:17.700 AVAST engine scan C:\ProgramData
21:01:52.628 Scan finished successfully
21:03:04.196 The log file has been saved successfully to "C:\Users\kenny\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-16 21:05:28
-----------------------------
21:05:28.862 OS Version: Windows x64 6.1.7601 Service Pack 1
21:05:28.862 Number of processors: 4 586 0x2A07
21:05:28.863 ComputerName: KENNY-PC UserName: kenny
21:05:31.642 Initialize success
21:07:09.802 AVAST engine defs: 12091400
21:08:05.646 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:08:05.648 Disk 0 Vendor: ST310005 JC45 Size: 953869MB BusType: 3
21:08:05.685 Disk 0 MBR read successfully
21:08:05.687 Disk 0 MBR scan
21:08:05.724 Disk 0 Windows 7 default MBR code
21:08:05.730 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 10240 MB offset 2048
21:08:05.758 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 943587 MB offset 20973568
21:08:05.806 Disk 0 Partition 3 00 EF EFI FAT 39 MB offset 1953441536
21:08:05.861 Disk 0 scanning C:\Windows\system32\drivers
21:08:18.631 Service scanning
21:08:37.916 Modules scanning
21:08:37.925 Disk 0 trace - called modules:
21:08:37.941 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:08:38.273 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006619060]
21:08:38.279 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800471d050]
21:08:40.938 AVAST engine scan C:\Windows
21:09:02.868 AVAST engine scan C:\Windows\system32
21:12:08.922 AVAST engine scan C:\Windows\system32\drivers
21:12:21.018 AVAST engine scan C:\Users\kenny
21:14:00.770 AVAST engine scan C:\ProgramData
21:14:43.470 Scan finished successfully
21:14:59.250 Disk 0 MBR has been saved successfully to "C:\Users\kenny\Documents\MBR.dat"
21:14:59.254 The log file has been saved successfully to "C:\Users\kenny\Documents\aswMBR.txt"


Mini Toolbox Log-


MiniToolBox by Farbar Version: 23-07-2012
Ran by kenny (administrator) on 16-09-2012 at 21:29:56
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : kenny-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 1C-75-08-6D-15-8C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ec40:d946:9a92:e61%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.36(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 16, 2012 9:22:21 PM
Lease Expires . . . . . . . . . . : Sunday, September 23, 2012 9:22:21 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 236745992
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-C8-41-6F-1C-75-08-6D-15-8C
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{410207A3-2356-45AA-A5A9-14439E525D54}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:4c0:21d5:b446:cac2(Preferred)
Link-local IPv6 Address . . . . . : fe80::4c0:21d5:b446:cac2%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: www
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4009:800::1003
74.125.225.97
74.125.225.98
74.125.225.99
74.125.225.100
74.125.225.101
74.125.225.102
74.125.225.103
74.125.225.104
74.125.225.105
74.125.225.110
74.125.225.96


Pinging google.com [74.125.225.100] with 32 bytes of data:
Reply from 74.125.225.100: bytes=32 time=20ms TTL=56
Reply from 74.125.225.100: bytes=32 time=18ms TTL=56

Ping statistics for 74.125.225.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 20ms, Average = 19ms
Server: www
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=115ms TTL=49
Reply from 98.138.253.109: bytes=32 time=103ms TTL=50

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 115ms, Average = 109ms
Server: www
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...1c 75 08 6d 15 8c ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.36 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.36 276
192.168.0.36 255.255.255.255 On-link 192.168.0.36 276
192.168.0.255 255.255.255.255 On-link 192.168.0.36 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.36 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.36 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:953c:4c0:21d5:b446:cac2/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::4c0:21d5:b446:cac2/128
On-link
11 276 fe80::ec40:d946:9a92:e61/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/16/2012 09:24:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2012 08:39:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/16/2012 08:03:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/16/2012 06:51:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2012 06:00:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2012 00:17:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2012 11:51:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2012 03:07:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2012 00:54:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2012 00:53:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: TabTip.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcae7
Faulting module name: InkObj.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf4d
Exception code: 0xc0000005
Fault offset: 0x00000000000433fd
Faulting process id: 0x10c4
Faulting application start time: 0xTabTip.exe0
Faulting application path: TabTip.exe1
Faulting module path: TabTip.exe2
Report Id: TabTip.exe3


System errors:
=============
Error: (09/16/2012 09:23:04 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\wisptis.exe -Embedding740{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}

Error: (09/16/2012 09:22:22 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.

Error: (09/16/2012 06:49:43 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\wisptis.exe -Embedding740{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}

Error: (09/16/2012 06:49:30 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.

Error: (09/16/2012 05:59:14 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\wisptis.exe -Embedding740{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}

Error: (09/16/2012 05:59:03 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.

Error: (09/14/2012 00:51:00 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (09/14/2012 00:15:53 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.

Error: (09/14/2012 00:14:03 AM) (Source: DCOM) (User: )
Description: C:\Windows\System32\wisptis.exe -Embedding740{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}

Error: (09/14/2012 00:13:53 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (09/16/2012 09:24:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2012 08:39:50 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\kenny\Downloads\esetsmartinstaller_enu.exe

Error: (09/16/2012 08:03:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\kenny\Downloads\esetsmartinstaller_enu.exe

Error: (09/16/2012 06:51:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2012 06:00:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2012 00:17:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2012 11:51:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2012 03:07:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2012 00:54:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2012 00:53:44 PM) (Source: Application Error)(User: )
Description: TabTip.exe6.1.7600.163854a5bcae7InkObj.dll6.1.7600.163854a5bdf4dc000000500000000000433fd10c401cd91072a325556C:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Program Files\Common Files\Microsoft Shared\Ink\InkObj.dll69759d61-fcfa-11e1-b73a-1c75086d158c


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 1.2.0)
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
AI Suite II (Version: 1.01.30)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.12.9.0)
ASUS Ai Charger (Version: 1.00.09)
ASUS Cam (Version: 3.1.4022)
ASUS Cinema (Version: 7.1.5417)
ASUS Docking (Version: 3.11.0)
ASUS Easy Update (Version: 2.00.18)
ASUS Manager Suite (Version: 3.00.02)
ASUS Memo (Version: 1.19.12)
ASUS Paint (Version: 1.2.3013)
ASUS Touch Tech (Version: 1.0.6)
AsusVibe2.0 (Version: 2.0.9.157)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 2012.0.2221)
AVG PC Tuneup (Version: 10.0.0.27)
Best Buy pc app (Version: 3.2.2.0)
Bing Bar (Version: 7.0.610.0)
CyberLink PowerCinema Movie (Version: 9.0.7515)
D3DX10 (Version: 15.4.2368.0902)
ENE CIR Receiver Driver (Version: 2.7.4.3)
Epson Connect
Epson Customer Participation (Version: 1.0.0.0)
Epson Download Navigator (Version: 1.0.1)
Epson Event Manager (Version: 2.50.0000)
EPSON NX430 Series Printer Uninstall
EPSON Scan
EpsonNet Print (Version: 2.4j)
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Google Chrome (Version: 21.0.1180.89)
Google Update Helper (Version: 1.3.21.123)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2372)
Intel® Rapid Storage Technology (Version: 10.1.5.1001)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
JMicron Flash Media Controller Driver (Version: 1.0.59.2)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Touch Pack for Windows 7 (Version: 1.0.40517.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
NextWindow DesktopTouch Driver Package (Version: 1.1.010)
OOBERegBackup
Realtek Ethernet Controller Driver (Version: 7.40.126.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6438)
Serious Sam: The Second Encounter
SUPERAntiSpyware (Version: 5.5.1016)
swMSM (Version: 12.0.0.1)
TWC Customer Controls (Version: 11)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Driver Package - ASUS Tek. Corporation hidfilter HIDClass (05/26/2011 1.0.0.27) (Version: 05/26/2011 1.0.0.27)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 4007.34 MB
Available physical RAM: 2211.68 MB
Total Pagefile: 8012.86 MB
Available Pagefile: 5625.58 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.78 MB

========================= Partitions: =====================================

1 Drive c: (WIN7) (Fixed) (Total:921.47 GB) (Free:880.98 GB) NTFS
3 Drive e: () (Removable) (Total:0.94 GB) (Free:0.91 GB) FAT

========================= Users: ========================================

User accounts for \\KENNY-PC

Administrator Guest kenny
kids


**** End of log ****

FARBAR Log-

Farbar Service Scanner Version: 06-08-2012
Ran by kenny (administrator) on 16-09-2012 at 21:31:57
Running from "C:\Users\kenny\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-09-12 05:26] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Will post adware cleaner log next because it might reset the browser........

#6 frankenmusic


Posted 16 September 2012 - 08:38 PM

Adware Cleaner log-


# AdwCleaner v2.002 - Logfile created 09/16/2012 at 21:35:16
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : kenny - KENNY-PC
# Boot Mode : Normal
# Running from : C:\Users\kenny\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
File Deleted : C:\Users\kenny\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\kenny\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\kenny\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\kenny\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\kenny\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\dqv5658z.default\searchplugins\search.xml
File Deleted : C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\dqv5658z.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\kenny\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\kenny\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\kenny\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\kenny\AppData\Roaming\Babylon
Folder Deleted : C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\dqv5658z.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\dqv5658z.default\mediabarim

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112414&tt=010712_1&babsrc=HP_ss&mntrId=bade7cce0000000000001c75086d158c --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\dqv5658z.default\prefs.js

C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\dqv5658z.default\user.js ... Deleted !

Deleted : user_pref("backup.old.browser.search.defaultenginename", "Search Results");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=112414&tt=010712_1");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 16);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "bade7cce0000000000001c75086d158c");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15381");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 16);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1717:31:18");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "15.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 86396755);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1717:31:18");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112414&tt=010712_1");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "bade7cce0000000000001c75086d158c");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "bade7cce0000000000001c75086d158c");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15531");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:31:18");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.1.9,{D9A7CBEC-DE1A-444f-A092-844461596C[...]
Deleted : user_pref("extensions.funmoods.aflt", "adbrlnt1");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "B0B48B550E16501D3996D3DA4F880ACF");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adbrlnt1&chnl=adbrlnt1&cd[...]
Deleted : user_pref("extensions.funmoods.hrdid", "1C75086D158C7CCE");
Deleted : user_pref("extensions.funmoods.id", "1C75086D158C7CCE");
Deleted : user_pref("extensions.funmoods.instlDay", "15531");
Deleted : user_pref("extensions.funmoods.instlRef", "adbrlnt1");
Deleted : user_pref("extensions.funmoods.instlday", "15531");
Deleted : user_pref("extensions.funmoods.instlref", "adbrlnt1");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:31:42");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adbrlnt1&chnl=adbrlnt1&[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=adbrlnt1&chnl=adbrlnt1&[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adbrlnt1&chnl=adbrlnt[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=adbrlnt1&chnl=adbrlnt[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:31:42");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2217:31:42");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:31:42");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9cf7be2b-3e61-47be-b13c-fc9b3867d8d9%[...]

Profile name : default
File : C:\Users\kids\AppData\Roaming\Mozilla\Firefox\Profiles\yk7pg003.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\kenny\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [16397 octets] - [16/09/2012 21:35:16]

########## EOF - C:\AdwCleaner[S2].txt - [16458 octets] ##########

#7 narenxp


Posted 16 September 2012 - 08:49 PM

Malwarebytes log?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

#8 frankenmusic


Posted 16 September 2012 - 08:56 PM

So sorry....here is the MBAM log-


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kenny :: KENNY-PC [administrator]

9/16/2012 9:53:27 PM
mbam-log-2012-09-16 (21-53-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218974
Time elapsed: 1 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I'll do the others right now......

#9 frankenmusic


Posted 16 September 2012 - 09:09 PM

RKill log-


Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/16/2012 09:57:55 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\spool\DRIVERS\x64\3\EBAPIx32.EXE (PID: 5804) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\kenny\Desktop\rkill\rkill-09-16-2012-09-58-00.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/16/2012 09:58:09 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

Autorun Log-


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ASUS Docking" "ASUS Docking Application" "ASUSTek Computer Inc." "c:\program files\asus\asus docking\asus docking.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "RtHDVBg_DTS" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe"
+ "RTHDVCPL" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe"
+ "AsShellApplication" "Helper AP for Windows ShellExec for NT" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\asus manager suite\asshellapplication.exe"
+ "ASUS Ai Charger" "AiChargerAP MFC Application" "ASUSTek Computer Inc." "c:\program files (x86)\asus\asus ai charger\aichargerap.exe"
+ "ASUS Easy Update" "ALU MFC Application" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\asus easy update\alu.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgtray.exe"
+ "EEventManager" "EEventManager Application" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\event manager\eeventmanager.exe"
+ "HF_G_Jul" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "OOBESetup" "OOBERegBackup Application" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\ooberegbackup\ooberegbackup.exe"
+ "ROC_ROC_NT" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe"
+ "SunJavaUpdateSched" "" "" "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "YouCam Mirage" "YouCam Mirage" "CyberLink" "c:\program files (x86)\asus\asus cam\ycmmirage.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "AsusVibeLauncher.lnk" "AsusVibe Application" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\asusvibe\asusvibelauncher.exe"
"C:\Users\kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Epson all-in-one Registration.lnk" "Product Registration" "Leader Technologies/Epson" "c:\users\kenny\appdata\roaming\leadertech\powerregister\epson all-in-one registration.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Epson Stylus NX430(Network)" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\windows\system32\spool\drivers\x64\3\e_iatihba.exe"
+ "Facebook Update" "Facebook Installer" "Facebook Inc." "c:\users\kenny\appdata\local\facebook\update\facebookupdate.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgppa.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssiea.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssie.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\oracle\javafx 2.1 runtime\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
"Task Scheduler" "" "" ""
+ "\ASUS Magnifier" "Asus Touch Magnifier Executable" "AsusTek" "c:\program files (x86)\asus\asus touch tech\asusmagnifier3d.exe"
+ "\ASUS\AsMessageController" "Message Controller" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\message controller\asmessagecontroller.exe"
+ "\ASUS\ASUS AI Suite II Execute" "ASUS Routine Controller" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\ai suite ii\asroutinecontroller.exe"
+ "\ASUS\ASUSManagerSuiteHelper" "Helper tool to run ASUS Manager Suite component" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\asus manager suite\asemrunhelper.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-434180217-3844813477-2824861716-1000Core" "Facebook Installer" "Facebook Inc." "c:\users\kenny\appdata\local\facebook\update\facebookupdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-434180217-3844813477-2824861716-1000UA" "Facebook Installer" "Facebook Inc." "c:\users\kenny\appdata\local\facebook\update\facebookupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\TabletPC\InputPersonalization" "" "" "File not found: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AsSysCtrlService" "" "" "c:\program files (x86)\asus\assysctrlservice\1.00.11\assysctrlservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgwdsvc.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bbsvc.exe"
+ "cphs" "Intel® Content Protection HECI Service - enables communication with the Content Protection FW" "Intel Corporation" "c:\windows\syswow64\intelcphecisvc.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "DTSAudioService" "DTS Audio Service" "DTS" "c:\program files\realtek\audio\hda\dtsaudioservice64.exe"
+ "EpsonBidirectionalService" "eEBAPI Core Process module" "SEIKO EPSON CORPORATION" "c:\program files (x86)\common files\epson\ebapi\eebsvc.exe"
+ "EpsonCustomerParticipation" "Epson Customer Participation" "SEIKO EPSON CORPORATION" "c:\program files\epson\epsoncustomerparticipation\epcp.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files (x86)\windows live\family safety\fsssvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files (x86)\microsoft\bingbar\seaport.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "SupportSoft RemoteAssist" "ssrc Module" "SupportSoft, Inc." "c:\program files (x86)\common files\supportsoft\bin\ssrc.exe"
+ "UMVPFSrv" "UMVPF is a user mode Logitech driver" "Logitech Inc." "c:\program files (x86)\common files\logishrd\lvmvfm\umvpfsrv.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "AiCharger" "ASUS Charger driver" "ASUSTek Computer Inc." "c:\windows\system32\drivers\aicharger.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AsIO" "" "" "c:\windows\syswow64\drivers\asio.sys"
+ "asmthub3" "ASMedia USB3 Hub Driver" "ASMedia Technology Inc" "c:\windows\system32\drivers\asmthub3.sys"
+ "asmtxhci" "ASMEDIA XHCI Host Controller Driver" "ASMedia Technology Inc" "c:\windows\system32\drivers\asmtxhci.sys"
+ "AsUpIO" "" "" "c:\windows\syswow64\drivers\asupio.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "clwvd" "CyberLink WebCam Virtual Driver" "CyberLink Corporation" "c:\windows\system32\drivers\clwvd.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "enecir" "ENE CIR Driver for eHome(64)" "ENE TECHNOLOGY INC." "c:\windows\system32\drivers\enecir.sys"
+ "enecirhid" "ENE CIR HID Driver(64)" "ENE TECHNOLOGY INC." "c:\windows\system32\drivers\enecirhid.sys"
+ "enecirhidma" "ENE CIR HID Mapper Driver(64)" "ENE TECHNOLOGY INC." "c:\windows\system32\drivers\enecirhidma.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "hidfilter" "Asus HID Filter Driver" "ASUS Corporation" "c:\windows\system32\drivers\hidfilter.sys"
+ "hidkmdf" "Filter Driver for HID-KMDF Interface" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\hidkmdf.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "JMCR" "JMicron PCIe Flash Media Controller Driver" "JMicron Technology Corporation" "c:\windows\system32\drivers\jmcr.sys"
+ "lmybonfs" "" "" "File not found: C:\Windows\system32\drivers\lmybonfs.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "LVRS64" "Logitech Kernel Audio Improvement Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvrs64.sys"
+ "LVUVC64" "Logitech USB Video Class Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvc64.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "NWVoltron" "NWHIDFil" "" "c:\windows\system32\drivers\nwvoltron.sys"
+ "NWWakeFilterV" "Remote Wake Driver" "n/a" "c:\windows\system32\drivers\nwwakefilterv.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.i420" "Video Codec" "Logitech Inc." "c:\windows\system32\lvcod64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.i420" "Video Codec" "Logitech Inc." "c:\windows\syswow64\lvcodec2.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "CyberLink LPCM Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\cllpcmaud64.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Commercial Cut Analyzer" "CLAudCM" "Cyberlink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\claudcm.ax"
+ "CyberLink Audio Decoder (PCM45)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\claud.ax"
+ "CyberLink Audio Decoder (PCMMovie)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\powercinema movie\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PCM45)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\claudfx.ax"
+ "CyberLink Audio Effect (PCMMovie)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\asus\asus cinema\powercinema movie\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PCM45)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\claudspa.ax"
+ "CyberLink Audio Spectrum Analyzer (PCMMovie)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\powercinema movie\audiofilter\claudspa.ax"
+ "CyberLink Audio Wizard (PCMMovie)" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\powercinema movie\audiofilter\claudwizard.ax"
+ "CyberLink AudioCD Filter (PCM45)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\claudiocd.ax"
+ "CyberLink Demultiplexer (PCM45)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\powercinema movie\navfilter\clnavx.ax"
+ "CyberLink DVD Navigator (PCM45)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clnavx.ax"
+ "CyberLink FLV Splitter(PCM7)" "CyberLink FLV Splitter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clflvsplitter.ax"
+ "CyberLink Line21 Decoder (PCMMovie)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\powercinema movie\videofilter\clline21.ax"
+ "CyberLink Line21 Decoder Filter (PCM45)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clline21.ax"
+ "CyberLink Matroska Splitter(PCM7)" "CyberLink Matroska Splitter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clmkvsplter.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clsplter.ax"
+ "CyberLink MPEG-4 Splitter (PCM45)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clm4splt.ax"
+ "CyberLink RealAudio Decoder(PCM7)" "CyberLink RealMedia Audio Decoder" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clrmaud.ax"
+ "CyberLink RealMedia Splitter(PCM7)" "CyberLink RealMedia Splitter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clrmsplitter.ax"
+ "CyberLink RealVideo Decoder(PCM7)" "CyberLink RealMedia Video Decoder" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clrmvd.ax"
+ "Cyberlink SubTitle Importor (PCM7)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clauts.ax"
+ "CyberLink TimeStretch Filter (PCMMovie)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\powercinema movie\audiofilter\clauts.ax"
+ "CyberLink TL MPEG Splitter (PCM45)" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\cltlmsplter.ax"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\cltzan.ax"
+ "CyberLink Tzan Filter (PCMMovie)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\powercinema movie\videofilter\cltzan.ax"
+ "CyberLink Video Effect (PCM45)" "CLVidFx" "CyberLink" "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clvidfx.ax"
+ "CyberLink Video Regulator" "Video Regulator" "Cyberlink" "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clrgl.ax"
+ "CyberLink Video/SP Decoder (PCM45)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\asus cinema\kernel\video\clvsd.ax"
+ "CyberLink Video/SP Decoder (PCMMovie)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\asus\asus cinema\powercinema movie\videofilter\clvsd.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\Windows\SysWOW64\ASUSETOP.scr" "Screen Saver" "Axialis Software" "c:\windows\syswow64\asusetop.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON NX430 Series 64MonitorBA" "EPSON Bi-directional Monitor AMD64" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_ilmhba.dll"
+ "EpsonNet Print Port" "EpsonNet Print Port Monitor DLL" "SEIKO EPSON CORPORATION" "c:\windows\system32\enppmon.dll"

#10 narenxp


Posted 16 September 2012 - 09:11 PM

Do you still have redirects?

#11 frankenmusic


Posted 16 September 2012 - 09:19 PM

> Do you still have redirects?


Unfortunately, yes. However, it's not as often and the computer is running much faster! For example, I typed in Barack Obama in Yahoo search using Firefox. Clicked on the Wikipedia article and the link directed me to this: http://buy-static.norton.com/norton/ps/3up_us_en_navnis360_nbfr.html?om_sem_cid=hho_sem_sy:us:adm:en:e|kw0000008196|_admp10486_1419249934

Hmmmmmmm.....this is a tough one!

#12 narenxp


Posted 16 September 2012 - 09:24 PM

Try this

Export your bookmarks from Firefox

http://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

After exporting them

Uninstall Firefox

Make sure to checkmark the "Remove my personal data" option

Reinstall Firefox and import your bookmarks

Let me know how it goes

#13 frankenmusic


Posted 16 September 2012 - 09:48 PM

> Try this
>
> Export your bookmarks from Firefox
>
> http://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer
>
> After exporting them
>
> Uninstall Firefox
>
> Make sure to checkmark the "Remove my personal data" option
>
> Reinstall Firefox and import your bookmarks
>
> Let me know how it goes


I just used Yahoo search AND Google search after re-installing Firefox and had no re-directing!!!!!! Thank you so much! That was so quick. I'm bookmarking this site so I can learn more. Again, thank you.

#14 narenxp


Posted 16 September 2012 - 09:49 PM

Great :thumbsup:

Download TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your Flash Player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



