
Regcure Pro removal


11 replies to this topic

#1 Tikoxi

  • Members
  • 53 posts

Posted 02 February 2013 - 10:17 AM

This probably isn't the ideal place to be posting this, but I'm skeptical that this isn't some form of malware. Very recently I have suddenly been inundated with small, relatively unintrusive popups in the bottom left corner of my browser stating '(variable number) security issues found.' And offers view more and close as buttons. View more reveals that this is some sort of advertising popup for regcure pro. I wouldn't have thought much of it, but it's more stubborn than influenza, refusing to go away, and pops up when I change pages at seemingly irregular but astonishingly frequent intervals. Other people have had this problem, apparently, but the only advice offered is uninstalling it from the control panel. Probably because I haven't actually installed this program, it isn't showing up in my control panel. Aside from a mild irritant, I don't want this software on my computer *and I have to assume that it is on the computer, because there seems to be no pattern in the sites it 'scans'* due to the invasive nature of it. And frankly, I do not want to purchase a registry cleaner, nor do I want this thing that can muscle its way into my browser here either.
Is this a known issue, is it an actual popup from various websites, or is there a way to get rid of it for good? God knows hitting 'close' doesn't keep it away for long.



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 February 2013 - 10:19 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Tikoxi

  • Topic Starter
  • Members
  • 53 posts

Posted 02 February 2013 - 06:23 PM

I forgot to mention. Very recently, my internet connection has been bogged down massively. At optimum speed it usually runs upwards of 600, sometimes 700 KB/s. Sometimes it continues to run at this speed, but often over the past few days it has been struggling to reach 50 at best, and sometimes can barely get to 20. It also drops the connection constantly, every few seconds, making it very difficult to download large files. May or may not be related.

At any rate, these are the logs I found.
TDSS found nothing.

Avast:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-02 16:23:07
-----------------------------
16:23:07.499 OS Version: Windows x64 6.1.7601 Service Pack 1
16:23:07.499 Number of processors: 4 586 0x3A09
16:23:07.499 ComputerName: TIKO-PC UserName: Tiko
16:23:08.439 Initialize success
16:28:01.329 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:28:01.329 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
16:28:01.344 Disk 0 MBR read successfully
16:28:01.344 Disk 0 MBR scan
16:28:01.344 Disk 0 Windows 7 default MBR code
16:28:01.344 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
16:28:01.360 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10442 MB offset 81920
16:28:01.360 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466457 MB offset 21467136
16:28:01.375 Disk 0 scanning C:\Windows\system32\drivers
16:28:05.946 Service scanning
16:28:18.005 Modules scanning
16:28:18.005 Disk 0 trace - called modules:
16:28:18.021 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
16:28:18.021 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008dd6060]
16:28:18.036 3 CLASSPNP.SYS[fffff88001cf443f] -> nt!IofCallDriver -> [0xfffffa80069ddcb0]
16:28:18.036 5 stdcfltn.sys[fffff8800188bd12] -> nt!IofCallDriver -> [0xfffffa80065c0550]
16:28:18.036 7 ACPI.sys[fffff88000f7c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80065c4050]
16:28:18.052 Scan finished successfully
16:28:41.512 Disk 0 MBR has been saved successfully to "C:\Users\Tiko\Desktop\MBR.dat"
16:28:41.559 The log file has been saved successfully to "C:\Users\Tiko\Desktop\aswMBR.txt"

Eset is STILL running, but also has found nothing. I'll post that when it finally bothers to finish... maybe sometime tonight?

#4 Tikoxi

  • Topic Starter
  • Members
  • 53 posts

Posted 02 February 2013 - 06:28 PM

Whoops, the log from TDSS didn't paste, sorry.
16:23:15.0094 5444 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:23:15.0564 5444 ============================================================
16:23:15.0564 5444 Current date / time: 2013/02/02 16:23:15.0564
16:23:15.0564 5444 SystemInfo:
16:23:15.0564 5444
16:23:15.0564 5444 OS Version: 6.1.7601 ServicePack: 1.0
16:23:15.0564 5444 Product type: Workstation
16:23:15.0564 5444 ComputerName: TIKO-PC
16:23:15.0564 5444 UserName: Tiko
16:23:15.0564 5444 Windows directory: C:\Windows
16:23:15.0564 5444 System windows directory: C:\Windows
16:23:15.0564 5444 Running under WOW64
16:23:15.0564 5444 Processor architecture: Intel x64
16:23:15.0564 5444 Number of processors: 4
16:23:15.0564 5444 Page size: 0x1000
16:23:15.0564 5444 Boot type: Normal boot
16:23:15.0564 5444 ============================================================
16:23:16.0284 5444 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:23:16.0284 5444 ============================================================
16:23:16.0284 5444 \Device\Harddisk0\DR0:
16:23:16.0284 5444 MBR partitions:
16:23:16.0284 5444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1465000
16:23:16.0284 5444 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1479000, BlocksNum 0x38F0C800
16:23:16.0284 5444 ============================================================
16:23:16.0314 5444 C: <-> \Device\Harddisk0\DR0\Partition2
16:23:16.0314 5444 ============================================================
16:23:16.0314 5444 Initialize success
16:23:16.0314 5444 ============================================================
16:23:53.0436 6948 ============================================================
16:23:53.0436 6948 Scan started
16:23:53.0436 6948 Mode: Manual; TDLFS;
16:23:53.0436 6948 ============================================================
16:23:54.0247 6948 ================ Scan system memory ========================
16:23:54.0247 6948 System memory - ok
16:23:54.0247 6948 ================ Scan services =============================

#5 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 February 2013 - 06:31 PM

After finishing ESET

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7 right click on the tool and select run as administrator

After scan gets completed, post the generated log here.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here
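The "List content of Hosts" step in the MiniToolBox instructions above is there because the hosts file is used both by benign ad blocklists (thousands of ad/tracker domains sent to loopback) and by hijacks (update or security-vendor domains redirected). The following added example, which is not from the thread or from MiniToolBox, triages a hosts file automatically: it counts sinkhole entries and flags mappings to routable addresses or to a watchlist of sensitive domains. The watchlist and the sample hosts content are constructed for the example.

```python
"""Triage a Windows hosts file: separate blocklist-style sinkhole entries
(domain -> loopback or 0.0.0.0) from entries that deserve a closer look
(domain -> routable address, or a sensitive domain mapped anywhere).
Example code added to the thread; not MiniToolBox's own logic."""
import ipaddress
from collections import Counter

# Domains that a legitimate ad blocklist would not normally touch; a hosts
# entry for these tends to break updates or block help sites rather than ads.
# Constructed watchlist for this example.
WATCHLIST_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "bleepingcomputer.com",
    "malwarebytes.org", "kaspersky.com", "avast.com", "eset.com",
)

# Non-loopback addresses that still mean "go nowhere"
SINKHOLE_LITERALS = {"0.0.0.0", "::"}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping in hosts text."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line, not a mapping
        for name in names:
            yield ip, name.lower().rstrip("."), n


def is_sinkhole(ip):
    """True when the address blocks the name rather than redirecting it."""
    return ipaddress.ip_address(ip).is_loopback or ip in SINKHOLE_LITERALS


def on_watchlist(name):
    return any(name == s or name.endswith("." + s) for s in WATCHLIST_SUFFIXES)


def triage_hosts(text):
    """Return sinkhole counts plus the entries worth investigating."""
    sinkhole = Counter()
    redirects = []      # name -> routable address: classic hijack pattern
    watchlist_hits = [] # sensitive domains present at all, even if sinkholed
    for ip, name, n in parse_hosts(text):
        if name == "localhost":
            continue  # the default entries
        if on_watchlist(name):
            watchlist_hits.append((n, name, ip))
        if is_sinkhole(ip):
            sinkhole[ip] += 1
        else:
            redirects.append((n, name, ip))
    return {
        "sinkhole_count": sum(sinkhole.values()),
        "sinkhole_targets": dict(sinkhole),
        "redirects": redirects,
        "watchlist_hits": watchlist_hits,
    }


# Constructed sample in the shape of the MiniToolBox "Hosts content" section
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
::1  localhost
127.0.0.1  localhost
127.0.0.1  ads.example-adnetwork.invalid
127.0.0.1  tracker.example-stats.invalid
0.0.0.0    banners.example-ads.invalid
203.0.113.5  www.example-av-vendor.invalid   # routable target: a redirect, not a block
127.0.0.1  update.microsoft.com             # loopback, but blocks updates
"""

if __name__ == "__main__":
    r = triage_hosts(SAMPLE_HOSTS)
    print(f"{r['sinkhole_count']} sinkhole entries -> {r['sinkhole_targets']}")
    for n, name, ip in r["redirects"]:
        print(f"line {n}: {name} redirected to {ip} (investigate)")
    for n, name, ip in r["watchlist_hits"]:
        print(f"line {n}: watchlist domain {name} -> {ip}")
```

A count in the thousands with every target on loopback or 0.0.0.0, as in the log posted later in this thread, is the profile of an installed blocklist; a handful of entries pointing at routable addresses is the profile to chase.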

#6 Tikoxi

  • Topic Starter
  • Members
  • 53 posts

Posted 02 February 2013 - 06:37 PM

Also no threats found to list :/

#7 Tikoxi

  • Topic Starter
  • Members
  • 53 posts

Posted 12 February 2013 - 06:30 PM

Sorry for taking so long to respond, we had our internet cable get chewed off the roof by a squirrel, and it was only just repaired

In order of run/completion:
Mini toolbox:
MiniToolBox by Farbar  Version:10-01-2013
Ran by Tiko (administrator) on 12-02-2013 at 16:47:45
Running from "C:\Users\Tiko\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


::1  localhost

127.0.0.1  localhost

There are 12902 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 2230 = Wireless Network Connection (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Tiko-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.invalid

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 68-5D-43-7B-CE-FC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 68-5D-43-7B-CE-FC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 68-5D-43-7B-CE-FF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : domain.invalid
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2230
   Physical Address. . . . . . . . . : 68-5D-43-7B-CE-FB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2997:8fc4:1611:e7a3%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.253(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, February 05, 2013 4:24:25 PM
   Lease Expires . . . . . . . . . . : Wednesday, February 13, 2013 4:34:03 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 375938371
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-7D-EE-23-D4-BE-D9-41-FA-D1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.invalid
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : D4-BE-D9-41-FA-D1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1c44:146c:47f6:99cc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c44:146c:47f6:99cc%18(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{88E51A61-EAA7-4747-A013-2CC7333E5DF3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5131D25E-E0C6-4A1C-9C4D-F38FC2AEDE13}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain.invalid:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.invalid
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ACD60846-7189-4B63-9F15-36A6025ED570}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com


Pinging google.com [74.125.225.129] with 32 bytes of data:
Reply from 74.125.225.129: bytes=32 time=22ms TTL=54
Reply from 74.125.225.129: bytes=32 time=23ms TTL=54

Ping statistics for 74.125.225.129:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 23ms, Average = 22ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=812ms TTL=49
Reply from 98.139.183.24: bytes=32 time=796ms TTL=49

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 796ms, Maximum = 812ms, Average = 804ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...68 5d 43 7b ce fc ......Microsoft Virtual WiFi Miniport Adapter #2
 15...68 5d 43 7b ce fc ......Microsoft Virtual WiFi Miniport Adapter
 12...68 5d 43 7b ce ff ......Bluetooth Device (Personal Area Network)
 11...68 5d 43 7b ce fb ......Intel® Centrino® Wireless-N 2230
 10...d4 be d9 41 fa d1 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.253     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.253    281
    192.168.0.253  255.255.255.255         On-link     192.168.0.253    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.253    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.253    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.253    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 18     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 18     58 2001::/32                On-link
 18    306 2001:0:9d38:953c:1c44:146c:47f6:99cc/128
                                    On-link
 11    281 fe80::/64                On-link
 18    306 fe80::/64                On-link
 18    306 fe80::1c44:146c:47f6:99cc/128
                                    On-link
 11    281 fe80::2997:8fc4:1611:e7a3/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (02/11/2013 06:46:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: LolClient.exe, version: 2.0.2.12610, time stamp: 0x4c00573a
Faulting module name: Air.dll, version: 0.0.0.0, time stamp: 0x5117c8ed
Exception code: 0xc0000417
Fault offset: 0x0000f66b
Faulting process id: 0x1a20
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3

Error: (02/10/2013 09:48:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/10/2013 09:46:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/08/2013 07:51:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/08/2013 01:21:21 PM) (Source: Application Hang) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a74

Start Time: 01ce063174462fd0

Termination Time: 2

Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Report Id: b7ce828f-7224-11e2-8896-685d437bceff

Error: (02/08/2013 09:30:57 AM) (Source: Application Hang) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 148c

Start Time: 01ce061144758882

Termination Time: 6

Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Report Id: 87c11f7e-7204-11e2-8896-685d437bceff

Error: (02/07/2013 02:30:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time stamp: 0x4f15f44a
Faulting module name: launcher.maestro.dll, version: 1.0.0.29, time stamp: 0x4e32067a
Exception code: 0xc0000005
Fault offset: 0x00002348
Faulting process id: 0x119c
Faulting application start time: 0xLoLLauncher.exe0
Faulting application path: LoLLauncher.exe1
Faulting module path: LoLLauncher.exe2
Report Id: LoLLauncher.exe3

Error: (02/06/2013 04:52:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/05/2013 06:13:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: mb_warband.exe, version: 1.0.0.0, time stamp: 0x4fba4acc
Faulting module name: igdumd32.dll, version: 8.15.10.2653, time stamp: 0x4f3aab9f
Exception code: 0xc0000005
Fault offset: 0x0027d0d8
Faulting process id: 0x1054
Faulting application start time: 0xmb_warband.exe0
Faulting application path: mb_warband.exe1
Faulting module path: mb_warband.exe2
Report Id: mb_warband.exe3


System errors:
=============
Error: (02/12/2013 10:00:23 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/12/2013 07:20:31 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/11/2013 10:00:20 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/11/2013 06:43:21 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/11/2013 06:43:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/10/2013 10:00:19 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/09/2013 11:13:12 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/09/2013 10:00:52 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/09/2013 07:02:06 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/09/2013 07:02:05 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (02/11/2013 06:46:18 PM) (Source: Application Error)(User: )
Description: LolClient.exe2.0.2.126104c00573aAir.dll0.0.0.05117c8edc00004170000f66b1a2001ce08abbece84ffC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.239\deploy\LolClient.exeC:\Program Files (x86)\LOLReplay\Air.dll9c0bf8f5-74ad-11e2-8896-685d437bceff

Error: (02/10/2013 09:48:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Tiko\downloads\esetsmartinstaller_enu.exe

Error: (02/10/2013 09:48:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Tiko\downloads\esetsmartinstaller_enu(1).exe

Error: (02/10/2013 09:46:44 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/08/2013 07:51:19 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/08/2013 01:21:21 PM) (Source: Application Hang)(User: )
Description: rads_user_kernel.exe0.0.0.0a7401ce063174462fd02C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeb7ce828f-7224-11e2-8896-685d437bceff

Error: (02/08/2013 09:30:57 AM) (Source: Application Hang)(User: )
Description: rads_user_kernel.exe0.0.0.0148c01ce0611447588826C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe87c11f7e-7204-11e2-8896-685d437bceff

Error: (02/07/2013 02:30:26 PM) (Source: Application Error)(User: )
Description: LoLLauncher.exe0.0.0.04f15f44alauncher.maestro.dll1.0.0.294e32067ac000000500002348119c01ce05703f1c1319C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.108\deploy\LoLLauncher.exeC:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.108\deploy\launcher.maestro.dll34048c74-7165-11e2-8896-685d437bceff

Error: (02/06/2013 04:52:04 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/05/2013 06:13:05 PM) (Source: Application Error)(User: )
Description: mb_warband.exe1.0.0.04fba4accigdumd32.dll8.15.10.26534f3aab9fc00000050027d0d8105401ce03ef8b778865C:\Program Files (x86)\Mount&Blade Warband\mb_warband.exeC:\Windows\system32\igdumd32.dllf9f88bcc-6ff1-11e2-8896-685d437bceff


CodeIntegrity Errors:
===================================
  Date: 2012-07-20 10:48:10.997
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-20 10:48:10.981
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X MUI (Version: 10.0.0)
Advanced Audio FX Engine (Version: 1.12.05)
AlienAutopsy (Version: 3.1.5907.39)
AlienRespawn - Support Software (Version: 9.4.67)
AlienRespawn (Version: 9.4.67)
Alienware Command Center (Version: 2.7.28.0)
Alienware On-Screen Display (Version: 0.32.1.1)
Antichamber
applicationupdater
Coupon Companion Plugin (Version: 1.24.151.151)
DAEMON Tools Lite (Version: 4.45.4.0315)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell System Detect (Version: 3.3.2.1)
Dota 2
EMSC (Version: 0.0.0.22C)
ESET Online Scanner v3
EVE Online (remove only)
EVEMon (Version: 1.7.2.3882)
gamelauncher-ps2-live
GIMP 2.8.0 (Version: 2.8.0)
Integrated Webcam Live! Central (Version: 2.00.44)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 8.0.1.1399)
Intel® Processor Graphics (Version: 8.15.10.2653)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.1.0.0096)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.1.0.0140)
Intel® Rapid Storage Technology (Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214)
Intel® WiDi (Version: 3.0.12.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.01.0000.0830)
Intel® Trusted Connect Service Client (Version: 1.23.219.2)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
League of Legends (Version: 1.3)
LOLReplay (Version: 0.8.1)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mount&Blade Warband
Mount&Blade With Fire and Sword
Mozilla Firefox 18.0.2 (x86 en-US) (Version: 18.0.2)
Mozilla Maintenance Service (Version: 18.0.2)
MSVCRT (Version: 14.0.1468.721)
Mumble 1.2.3 (Version: 1.2.3)
My Game Long Name
NVIDIA 3D Vision Driver 296.16 (Version: 296.16)
NVIDIA Control Panel 296.16 (Version: 296.16)
NVIDIA Graphics Driver 296.16 (Version: 296.16)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.12 (Version: 1.7.12)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9616)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
PlanetSide 2 (Version: 1.0.3.183)
PlanetSide 2 Beta
Portal
QualxServ Service Agreement (Version: 2.0.0)
RaiderZ (Version: 1.00.0000)
SelectionLinks (Version: 1.0)
Skype™ 6.1 (Version: 6.1.129)
Sound Blaster Recon3Di (Version: 1.00.08)
Sound Blaster Recon3Di Extras (Version: 1.0)
ST Microelectronics 3 Axis Digital Accelerometer Solution (Version: 4.12.0018)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 16.0.4.0)
TeamSpeak 3 Client (Version: 3.0.9.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Vid-Saver (Version: 1.18.149.149)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wizardry 8

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 6046.31 MB
Available physical RAM: 2529.79 MB
Total Pagefile: 12090.81 MB
Available Pagefile: 7743.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.49 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:455.52 GB) (Free:300.39 GB) NTFS
3 Drive e: (WIZ8_3) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\TIKO-PC

Administrator            ASPNET                   Guest                    
Tiko                     UpdatusUser              

========================= Restore Points ==================================

05-02-2013 01:15:42 Windows Update
08-02-2013 20:47:42 Windows Update
12-02-2013 13:33:39 Windows Update

**** End of log ****

Malwarebytes:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.12.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tiko :: TIKO-PC [administrator]

2/12/2013 4:35:40 PM
mbam-log-2013-02-12 (16-35-40).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 447686
Time elapsed: 53 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\Typelib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\SelectionLinks.SelectionLinksBHO (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\OApps\SelectionLinks.dll (PUP.FaceThemes) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)

Have to restart, so I'll finish the others after I return.
 


Edited by Tikoxi, 12 February 2013 - 06:31 PM.


#8 Tikoxi


Posted 12 February 2013 - 06:51 PM

Just FYI, I have suddenly noticed the appearance of a folder on my C drive by the name of sh4ldr, containing shldr.mbr, which I am reasonably certain is malware.

 

I had the log from FSS pasted, but forgot to send it before I told AdwCleaner to restart. I have to track that log down again, but here's AdwCleaner:
# AdwCleaner v2.112 - Logfile created 02/12/2013 at 17:46:12
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tiko - TIKO-PC
# Boot Mode : Normal
# Running from : C:\Users\Tiko\Downloads\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Coupon Companion Plugin
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Users\Tiko\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Tiko\AppData\Local\Wajam
Folder Deleted : C:\Users\Tiko\AppData\Roaming\Mozilla\Firefox\Profiles\v172grsq.default\extensions\plugin@selectionlinks.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Tiko\AppData\Roaming\Mozilla\Firefox\Profiles\v172grsq.default\prefs.js

C:\Users\Tiko\AppData\Roaming\Mozilla\Firefox\Profiles\v172grsq.default\user.js ... Deleted !

Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);

*************************

AdwCleaner[R1].txt - [1496 octets] - [04/08/2012 07:42:51]
AdwCleaner[R2].txt - [1360 octets] - [04/08/2012 11:11:19]
AdwCleaner[S1].txt - [1286 octets] - [04/08/2012 11:11:35]
AdwCleaner[S2].txt - [2943 octets] - [12/02/2013 17:46:12]

########## EOF - C:\AdwCleaner[S2].txt - [3003 octets] ##########
 



#9 Tikoxi


Posted 12 February 2013 - 07:11 PM

Couldn't figure out how to run JRT in admin mode; there wasn't anything that even came close to that as an option, so I just ran it as is and hope that's good enough :/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.3 (02.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Tiko on Tue 02/12/2013 at 17:53:23.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Tiko\appdata\local\vid-saver"
Successfully deleted: [Folder] "C:\Program Files (x86)\vid-saver"



~~~ FireFox

Successfully deleted the following from C:\Users\Tiko\AppData\Roaming\mozilla\firefox\profiles\v172grsq.default\prefs.js

user_pref("browser.newtabpage.blocked", "{\"11J3zf/vmVpGrlm9rvHbhg==\":1,\"7y/jCpAGTD4QwYmAXJ6dAw==\":1,\"CD2P7+E61BSxgAtUlGEFfA==\":1,\"FtUHMMqxUzBfv3sR5zawKw==\":1,\"4gPpjkx
Emptied folder: C:\Users\Tiko\AppData\Roaming\mozilla\firefox\profiles\v172grsq.default\minidumps [46 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/12/2013 at 17:58:39.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10 Tikoxi


Posted 12 February 2013 - 07:13 PM

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/12/2013 06:12:40 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1  localhost
  ::1  localhost #[IPv6]
  127.0.0.1  fr.a2dfp.net
  127.0.0.1  m.fr.a2dfp.net
  127.0.0.1  ad.a8.net
  127.0.0.1  asy.a8ww.net
  127.0.0.1  abcstats.com
  127.0.0.1  a.abv.bg
  127.0.0.1  adserver.abv.bg
  127.0.0.1  adv.abv.bg
  127.0.0.1  bimg.abv.bg
  127.0.0.1  ca.abv.bg
  127.0.0.1  www2.a-counter.kiev.ua
  127.0.0.1  track.acclaimnetwork.com
  127.0.0.1  accuserveadsystem.com
  127.0.0.1  www.accuserveadsystem.com
  127.0.0.1  achmedia.com
  127.0.0.1  aconti.net
  127.0.0.1  secure.aconti.net
  127.0.0.1  www.aconti.net #[Dialer.Aconti]

  20 out of 14464 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 02/12/2013 06:13:01 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
 



#11 Tikoxi


Posted 12 February 2013 - 07:18 PM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""
+ "rdpclip"    ""    ""    "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "BLEServicesCtrl"    "Bluetooth LE Services Control Program"    "Intel Corporation"    "c:\program files (x86)\intel\bluetooth\bleservicesctrl.exe"
+ "BTMTrayAgent"    "Bluetooth Shell Extension"    "Intel Corporation"    "c:\program files (x86)\intel\bluetooth\btmshell.dll"
+ "Command Center Controllers"    "RequiredApplicationsLauncher"    "Alienware"    "c:\program files\alienware\command center\awccstartuporchestrator.exe"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"
+ "IgfxTray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"
+ "IntelPROSet"    "Intel® PROSet/Wireless Framework"    "Intel® Corporation"    "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe"
+ "MSC"    "Microsoft Security Client User Interface"    "Microsoft Corporation"    "c:\program files\microsoft security client\msseces.exe"
+ "Persistence"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"
+ "SynTPEnh"    "Synaptics TouchPad Enhancements"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher"    "Adobe Acrobat SpeedLauncher"    "Adobe Systems Incorporated"    "c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe"
+ "AlienwareOn-ScreenDisplay"    "Alienware On-Screen Display"    ""    "c:\program files (x86)\alienware on-screen display\alienwareon-screendisplay.exe"
+ "IAStorIcon"    "IAStorIcon"    "Intel Corporation"    "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "Integrated Webcam Live! Central"    "Webcam Central"    "Creative Technology Ltd"    "c:\program files (x86)\integrated webcam\live! central\webcamint.exe"
+ "Sound Blaster Recon3Di Control Panel"    "Sound Blaster Control Panel"    "Creative Technology Ltd"    "c:\program files (x86)\creative\sound blaster recon3di\sound blaster recon3di control panel\sbrcni.exe"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "UpdReg"    "Creative UpdReg"    "Creative Technology Ltd."    "c:\windows\updreg.exe"
+ "USB3MON"    "Intel® USB 3.0 Monitor"    "Intel Corporation"    "c:\program files (x86)\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "DAEMON Tools Lite"    "DAEMON Tools Lite"    "DT Soft Ltd"    "c:\program files (x86)\daemon tools lite\dtlite.exe"
+ "msnmsgr"    "Windows Live Messenger"    "Microsoft Corporation"    "c:\program files (x86)\windows live\messenger\msnmsgr.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"
+ "NvCplDesktopContext"    ""    "NVIDIA Corporation"    "c:\windows\system32\nvshext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\urlredir.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "Windows Live Sign-in Helper"    "WindowsLiveLogin.dll"    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
"Task Scheduler"    ""    ""    ""
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan"    ""    ""    "File not found: d:\program files\windows defender\MpCmdRun.exe"
+ "\Microsoft\Windows Defender\MpIdleTask"    ""    ""    "File not found: d:\program files\windows defender\MpCmdRun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"
+ "\PCDEventLauncher"    "PC-Doctor Module"    "PC-Doctor, Inc."    "c:\program files\alienautopsy\sessionchecker.exe"
+ "\PCDoctorBackgroundMonitorTask"    "PC-Doctor Module"    "PC-Doctor, Inc."    "c:\program files\alienautopsy\uaclauncher.exe"
+ "\PCDoctorBackgroundMonitorTask-Delay"    "PC-Doctor Module"    "PC-Doctor, Inc."    "c:\program files\alienautopsy\uaclauncher.exe"
+ "\RealUpgradeLogonTaskS-1-5-21-3898065736-3535862279-3254293932-1001"    ""    ""    "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-3898065736-3535862279-3254293932-1001"    ""    ""    "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe"
+ "\SystemToolsDailyTest"    "PC-Doctor Module"    "PC-Doctor, Inc."    "c:\program files\alienautopsy\uaclauncher.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AlienFusionService"    "Allows to control Alienware custom power settings"    "Alienware"    "c:\program files\alienware\command center\alienfusionservice.exe"
+ "AMPPALR3"    "Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter"    "Intel Corporation"    "c:\program files\intel\bluetoothhs\bthsamppalservice.exe"
+ "Bluetooth Device Monitor"    "A process to monitor Bluetooth radio state and configure Bluetooth remote folders."    "Intel Corporation"    "c:\program files (x86)\intel\bluetooth\devmonsrv.exe"
+ "Bluetooth Media Service"    "Provides Bluetooth Media Profiles support"    "Intel Corporation"    "c:\program files (x86)\intel\bluetooth\mediasrv.exe"
+ "Bluetooth OBEX Service"    "Provides Bluetooth File Transfer Protocol support."    "Intel Corporation"    "c:\program files (x86)\intel\bluetooth\obexsrv.exe"
+ "BTHSSecurityMgr"    "Manages the 802.1x security between two Bluetooth® High Speed connections."    "Intel® Corporation"    "c:\program files\intel\bluetoothhs\bthssecuritymgr.exe"
+ "cphs"    "Intel® Content Protection HECI Service - enables communication with the Content Protection FW"    "Intel Corporation"    "c:\windows\syswow64\intelcphecisvc.exe"
+ "Creative ALchemy AL6 Licensing Service"    "Provides licensing services for Creative ALchemy."    "Creative Labs"    "c:\program files (x86)\common files\creative labs shared\service\al6licensing.exe"
+ "Creative Audio Engine Licensing Service"    "Provides licensing services for Creative Audio Engine."    "Creative Labs"    "c:\program files (x86)\common files\creative labs shared\service\ctaelicensing.exe"
+ "CTAudSvcService"    "Creative Audio Service"    "Creative Technology Ltd"    "c:\program files (x86)\creative\shared files\ctaudsvc.exe"
+ "CtHdaSvc"    "Creative High Definition Audio Service"    "Creative Technology Ltd"    "c:\windows\syswow64\cthdasvc.exe"
+ "EvtEng"    "Manages the event trace messages for all the Intel® PROSet/Wireless Software components."    "Intel® Corporation"    "c:\program files\intel\wifi\bin\evteng.exe"
+ "IAStorDataMgrSvc"    "Provides storage event notification and manages communication between the storage driver and user space applications."    "Intel Corporation"    "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "IDriverT"    "Provides support for the Running Object Table for InstallShield Drivers"    "Macrovision Corporation"    "c:\program files (x86)\common files\installshield\driver\1050\intel 32\idrivert.exe"
+ "Intel® Capability Licensing Service Interface"    "Version: 1.23.219.2"    "Intel® Corporation"    "c:\program files\intel\icls client\heciserver.exe"
+ "jhi_service"    "Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL"    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe"
+ "LMS"    "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler"    "Malwarebytes Anti-Malware scheduler"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService"    "Malwarebytes Anti-Malware service"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc"    "Helps protect users from malware and other potentially unwanted software"    "Microsoft Corporation"    "c:\program files\microsoft security client\msmpeng.exe"
+ "MyWiFiDHCPDNS"    "Wireless PAN DHCP and DNS Server"    ""    "c:\program files\intel\wifi\bin\pandhcpdns.exe"
+ "NisSrv"    "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"    "Microsoft Corporation"    "c:\program files\microsoft security client\nissrv.exe"
+ "npggsvc"    "nProtect GameGuard Service"    "INCA Internet Co., Ltd."    "c:\windows\syswow64\gamemon.des"
+ "nvsvc"    "Provides system and desktop level support to the NVIDIA display driver"    "NVIDIA Corporation"    "c:\windows\system32\nvvsvc.exe"
+ "nvUpdatusService"    "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server."    "NVIDIA Corporation"    "c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc"    "Office Software Protection Platform Service (unlocalized description)"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "RegSrvc"    "Provides registry access to all Intel® PROSet/Wireless Software components"    "Intel® Corporation"    "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "SftService"    "SoftThinks Agent Service"    "SoftThinks SAS"    "c:\program files (x86)\alienrespawn\sftservice.exe"
+ "SkypeUpdate"    "Enables the detection, download and installation of updates for Skype."    "Skype Technologies"    "c:\program files (x86)\skype\updater\updater.exe"
+ "Steam Client Service"    "Steam Client Service monitors and updates Steam content"    "Valve Corporation"    "c:\program files (x86)\common files\steam\steamservice.exe"
+ "Stereo Service"    "Provides system support for NVIDIA Stereoscopic 3D driver"    "NVIDIA Corporation"    "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe"
+ "UNS"    "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
+ "ZeroConfigService"    "Manages the zero configuration service for all the Intel® PROSet/Wireless Software components."    "Intel® Corporation"    "c:\program files\intel\wifi\bin\zeroconfigservice.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"
+ "btmhsf"    "Bluetooth HighSpeed Filter Driver"    "Intel Corporation"    "c:\windows\system32\drivers\btmhsf.sys"
+ "catchme"    ""    ""    "File not found: C:\ComboFix\catchme.sys"
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"
+ "CtClsFlt"    "Video Class Upper Filter Driver (64-bit)"    "Creative Technology Ltd."    "c:\windows\system32\drivers\ctclsflt.sys"
+ "cthda"    "Creative High Definition Audio Device Driver"    "Creative Technology Ltd"    "c:\windows\system32\drivers\cthda.sys"
+ "dtsoftbus01"    "DAEMON Tools Virtual Bus Driver"    "DT Soft Ltd"    "c:\windows\system32\drivers\dtsoftbus01.sys"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"
+ "EMSC"    "Embedded System Control"    "Windows ® Win 7 DDK provider"    "c:\windows\system32\drivers\emsc.sys"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor"    "Intel Rapid Storage Technology driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"
+ "iBtFltCoex"    "Intel® Centrino® Wireless (Bluetooth Adapter) Driver"    "Intel Corporation"    "c:\windows\system32\drivers\ibtfltcoex.sys"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"
+ "IntcDAud"    "Intel® Display Audio Driver"    "Intel® Corporation"    "c:\windows\system32\drivers\intcdaud.sys"
+ "iusb3hcs"    "Intel® USB 3.0 Host Controller Switch Driver"    "Intel Corporation"    "c:\windows\system32\drivers\iusb3hcs.sys"
+ "iusb3hub"    "Intel® USB 3.0 Hub Driver"    "Intel Corporation"    "c:\windows\system32\drivers\iusb3hub.sys"
+ "iusb3xhc"    "Intel® USB 3.0 eXtensible Host Controller Driver"    "Intel Corporation"    "c:\windows\system32\drivers\iusb3xhc.sys"
+ "L1C"    "Atheros Ar81xx series PCI-E Gigabit Ethernet Controller"    "Atheros Communications, Inc."    "c:\windows\system32\drivers\l1c62x64.sys"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mbam.sys"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\hecix64.sys"
+ "NETwNs64"    "Intel® Wireless WiFi Link Driver"    "Intel Corporation"    "c:\windows\system32\drivers\netwsw00.sys"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"
+ "NVHDA"    "NVIDIA HDMI Audio Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvhda64v.sys"
+ "nvkflt"    "NVIDIA Windows Kernel Mode Driver, Version 296.16 "    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvkflt.sys"
+ "nvlddmkm"    "NVIDIA Windows Kernel Mode Driver, Version 296.16 "    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvpciflt"    "NVIDIA Windows Kernel Mode Driver, Version 296.16 "    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvpciflt.sys"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"
+ "NvStUSB"    "Stereoscopic 3D USB controller driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstusb.sys"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"
+ "RSPCIESTOR"    "Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtspstor.sys"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"
+ "ST_ACCEL"    "STM Accelerometer Device Driver"    "STMicroelectronics"    "c:\windows\system32\drivers\st_accel.sys"
+ "stdcfltn"    "Disk Class Filter Driver for Accelerometer"    "ST Microelectronics"    "c:\windows\system32\drivers\stdcfltn.sys"
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP"    "Synaptics Touchpad Driver"    "Synaptics Incorporated"    "c:\windows\system32\drivers\syntp.sys"
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "Creative Correct TimeStamp Filter"    "Creative Correct TimeStamp Filter"    "Creative Technology Ltd."    "c:\program files (x86)\creative\shared files\ctfrfix.ax"
+ "Creative H264 No Quality Control Filter"    "Creative No Quality Control  Filter"    "Creative Technology Ltd."    "c:\program files (x86)\integrated webcam\live! central\cth264noqc.ax"
+ "Creative MJPEG Decoder 2"    "Decoder"    "Creative Technology Ltd."    "c:\program files (x86)\creative\shared files\ctmjpgdec2.ax"
+ "Creative Video Processing Filter"    "Creative Video Processing Filter"    "Creative Technology Ltd."    "c:\program files (x86)\creative\shared files\vidprocu.ax"
+ "DS Video Buffer Filter"    "WiDiAgent.dll COM object."    "Intel Corporation"    "c:\program files (x86)\common files\intel corporation\widiagent\dsbuffer_video.ax"
+ "Intel® Mux Renderer"    "Intel® TS Mux / Network Renderer"    "Intel Corporation"    "c:\program files (x86)\common files\intel corporation\widiagent\intelmux.dll"
+ "Intel®WiDi H264 encoder"    ""    ""    "c:\program files (x86)\common files\intel corporation\widiagent\h264_enc_filter.dll"
+ "MainConcept AAC Encoder"    "AAC audio encoder filter"    "MainConcept GmbH"    "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_enc_aac_ds.ax"
+ "QIC1802 Demux"    "QIC1802 Demux"    "Quanta Computer Inc."    "c:\program files (x86)\integrated webcam\live! central\qicdemux.ax"
+ "WD Audio Filter"    "WiDi Audio Source Filter."    "Intel Corporation"    "c:\program files (x86)\common files\intel corporation\widiagent\wdaudiofilter.dll"
+ "WD Secure Source Filter"    "Intel® WiDi Secure Video Source Filter."    "Intel Corporation"    "c:\program files (x86)\common files\intel corporation\widiagent\wdsecuresourcefilter.dll"
+ "WDSource Filter"    "WiDi Video Source Filter."    "Intel Corporation"    "c:\program files (x86)\common files\intel corporation\widiagent\wdsourcefilter.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls"    ""    ""    ""
+ "C:\Windows\System32\nvinitx.dll"    "NVIDIA shim initialization dll, Version 296.16 "    "NVIDIA Corporation"    "c:\windows\system32\nvinitx.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""
+ "igfxcui"    "igfxdev Module"    "Intel Corporation"    "c:\windows\system32\igfxdev.dll"
 



#12 Tikoxi

Tikoxi
  • Topic Starter

  • Members
  • 53 posts

Posted 12 February 2013 - 07:30 PM

Sadly, I could not find the FFS log, so I'm running it again and maybe this is sufficient?

Farbar Service Scanner Version: 10-02-2013
Ran by Tiko (administrator) on 12-02-2013 at 18:29:26
Running from "C:\Users\Tiko\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****





