Malware infection caused by firefox download


16 replies to this topic

#1 slaboskg


Posted 12 February 2013 - 09:34 PM

Hey everyone. Last week I downloaded Firefox without paying enough attention to the source of the download and now my computer is full up on programs I do not want. 
 
These programs include something called "pc fix speed",
a woman's head with a headset that shows up on the title bar of every internet window I open and I think is called "24x7 help",
 
and a new toolbar when I open Internet Explorer that includes a blue ball that says "ws" next to a web search box, a "translate" button, and a "get whitesmoke english writing software" button among other things. 
 
If anyone can help me get rid of all this, that would be great. 
 
Thank you

Edited by bloopie, 12 February 2013 - 09:40 PM.
Moved from Windows 7 to the more appropriate forum. ~bloopie




#2 narenxp


Posted 12 February 2013 - 09:35 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules and Detect TDLFS file system
  • Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results


 


Edited by narenxp, 12 February 2013 - 09:36 PM.
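
A triage sketch for the TDSSKiller log requested above, added here as an example and not part of the original post or of TDSSKiller itself: it pairs each driver's image line (name, MD5, path) with its verdict line and lists the entries worth a second look. The sample log, its driver names, hashes and non-ok verdict string are constructed, and the three review rules are this example's assumptions, not the tool's logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every log line starts with a time-of-day stamp and the id of the writing thread.
PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
# Image line: service name, MD5 of the driver file in parentheses, file path.
IMAGE_RE = re.compile(
    PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# Verdict line: service name, " - ", verdict text.
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+?)\s*$")
# Header line that records the Windows directory of the scanned machine.
WINDIR_RE = re.compile(PREFIX + r"Windows directory:\s*(?P<dir>.+?)\s*$", re.MULTILINE)


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None   # None when the log had no image line
    path: Optional[str] = None
    time: str = ""


def windows_dir(text: str, default: str = r"C:\Windows") -> str:
    """Return the Windows directory from the log header, or a default."""
    m = WINDIR_RE.search(text)
    return m["dir"] if m else default


def parse_log(text: str) -> List[Entry]:
    """Pair image lines with the verdict line that follows for the same name."""
    entries: List[Entry] = []
    pending = {}  # name -> (md5, path) waiting for its verdict line
    for line in text.splitlines():
        m = IMAGE_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["verdict"], md5, path, m["time"]))
    return entries


def triage(entries: List[Entry], system_root: str) -> List[Tuple[str, List[str]]]:
    """Return (name, reasons) for entries a reviewer should look at first.

    These rules are review prompts assumed for this example, not detections.
    """
    root = system_root.lower().rstrip("\\") + "\\"
    findings = []
    for e in entries:
        reasons = []
        if e.verdict.lower() != "ok":
            reasons.append("verdict is not 'ok': " + e.verdict)
        if e.path is None:
            reasons.append("no image line: no file or hash was logged")
        elif not e.path.lower().startswith(root):
            reasons.append("driver image outside " + system_root)
        if reasons:
            findings.append((e.name, reasons))
    return findings


# Constructed sample in the log's line layout; names, hashes and the
# non-ok verdict text are placeholders, not values from a real scan.
SAMPLE_LOG = r"""
19:07:05.0721 2316    Windows directory: C:\Windows
19:07:05.0721 2316    System windows directory: C:\Windows
19:07:12.0869 4692    Scan started
19:07:13.0931 4692    exampledrv      (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\exampledrv.sys
19:07:13.0934 4692    exampledrv - ok
19:07:14.0068 4692    nofilesvc - ok
19:07:14.0180 4692    tempdrv         (00000000000000000000000000000002) C:\Users\Example\AppData\Local\Temp\tempdrv.sys
19:07:14.0181 4692    tempdrv - ok
19:07:14.0331 4692    flaggeddrv      (00000000000000000000000000000003) C:\Windows\system32\DRIVERS\flaggeddrv.sys
19:07:14.0337 4692    flaggeddrv - CONSTRUCTED-NON-OK-VERDICT
"""

if __name__ == "__main__":
    root = windows_dir(SAMPLE_LOG)
    for name, reasons in triage(parse_log(SAMPLE_LOG), root):
        print(name + ": " + "; ".join(reasons))
```
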


#3 slaboskg


Posted 12 February 2013 - 10:10 PM

I ran TDSSKiller and I found a "report" but I can't find the file you referenced. Is the report the same thing?



#4 narenxp


Posted 13 February 2013 - 02:13 AM

Yes



#5 slaboskg


Posted 13 February 2013 - 07:08 PM

Ok, so I ran all three. Unfortunately, when I came back to my computer after running ESET for the first time, the window had closed or something and the results were no longer showing. So I ran it a second time, and it found no threats but it is showing me about twenty five files are quarantined. It won't let me copy and paste the names. 

 

 

Here are the results from TDSSKiller:

 

19:07:03.0679 2316    TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:07:05.0720 2316    ============================================================
19:07:05.0721 2316    Current date / time: 2013/02/13 19:07:05.0720
19:07:05.0721 2316    SystemInfo:
19:07:05.0721 2316    
19:07:05.0721 2316    OS Version: 6.1.7600 ServicePack: 0.0
19:07:05.0721 2316    Product type: Workstation
19:07:05.0721 2316    ComputerName: GABRIEL-PC
19:07:05.0721 2316    UserName: Gabriel
19:07:05.0721 2316    Windows directory: C:\Windows
19:07:05.0721 2316    System windows directory: C:\Windows
19:07:05.0721 2316    Running under WOW64
19:07:05.0721 2316    Processor architecture: Intel x64
19:07:05.0721 2316    Number of processors: 2
19:07:05.0721 2316    Page size: 0x1000
19:07:05.0721 2316    Boot type: Normal boot
19:07:05.0721 2316    ============================================================
19:07:06.0667 2316    Initialize success
19:07:12.0869 4692    ============================================================
19:07:12.0869 4692    Scan started
19:07:12.0869 4692    Mode: Manual; TDLFS; 
19:07:12.0869 4692    ============================================================
19:07:32.0509 4692    rdyboost - ok
19:07:32.0618 4692    RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:07:32.0620 4692    RFCOMM - ok
19:07:32.0740 4692    rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:07:32.0741 4692    rspndr - ok
19:07:32.0772 4692    sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:07:32.0773 4692    sbp2port - ok
19:07:32.0906 4692    scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:07:32.0907 4692    scfilter - ok
19:07:33.0020 4692    secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:07:33.0020 4692    secdrv - ok
19:07:33.0136 4692    Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:07:33.0136 4692    Serenum - ok
19:07:33.0179 4692    Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:07:33.0180 4692    Serial - ok
19:07:33.0258 4692    sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:07:33.0259 4692    sermouse - ok
19:07:33.0315 4692    sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:07:33.0315 4692    sffdisk - ok
19:07:33.0403 4692    sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:07:33.0404 4692    sffp_mmc - ok
19:07:33.0462 4692    sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:07:33.0463 4692    sffp_sd - ok
19:07:33.0500 4692    sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:07:33.0501 4692    sfloppy - ok
19:07:33.0590 4692    SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:07:33.0591 4692    SiSRaid2 - ok
19:07:33.0636 4692    SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:07:33.0637 4692    SiSRaid4 - ok
19:07:33.0750 4692    Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:07:33.0751 4692    Smb - ok
19:07:33.0833 4692    spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:07:33.0834 4692    spldr - ok
19:07:33.0910 4692    srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:07:33.0913 4692    srv - ok
19:07:33.0978 4692    srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:07:33.0981 4692    srv2 - ok
19:07:34.0075 4692    srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:07:34.0077 4692    srvnet - ok
19:07:34.0176 4692    stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:07:34.0176 4692    stexstor - ok
19:07:34.0219 4692    swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:07:34.0220 4692    swenum - ok
19:07:34.0279 4692    szkg5 - ok
19:07:34.0405 4692    Tcpip           (5cfb7ab8f9524d1a1e14369de63b83cc) C:\Windows\system32\drivers\tcpip.sys
19:07:34.0417 4692    Tcpip - ok
19:07:34.0561 4692    TCPIP6          (5cfb7ab8f9524d1a1e14369de63b83cc) C:\Windows\system32\DRIVERS\tcpip.sys
19:07:34.0574 4692    TCPIP6 - ok
19:07:34.0673 4692    tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:07:34.0675 4692    tcpipreg - ok
19:07:34.0791 4692    TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:07:34.0792 4692    TDPIPE - ok
19:07:34.0827 4692    TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
19:07:34.0828 4692    TDTCP - ok
19:07:34.0927 4692    tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:07:34.0928 4692    tdx - ok
19:07:35.0025 4692    TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:07:35.0026 4692    TermDD - ok
19:07:35.0145 4692    tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:07:35.0146 4692    tssecsrv - ok
19:07:35.0267 4692    tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:07:35.0269 4692    tunnel - ok
19:07:35.0326 4692    uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:07:35.0326 4692    uagp35 - ok
19:07:35.0383 4692    udfs            (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
19:07:35.0386 4692    udfs - ok
19:07:35.0495 4692    uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:07:35.0496 4692    uliagpkx - ok
19:07:35.0602 4692    umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:07:35.0603 4692    umbus - ok
19:07:35.0618 4692    UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:07:35.0619 4692    UmPass - ok
19:07:35.0716 4692    usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
19:07:35.0717 4692    usbccgp - ok
19:07:35.0829 4692    usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:07:35.0830 4692    usbcir - ok
19:07:35.0931 4692    usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
19:07:35.0932 4692    usbehci - ok
19:07:36.0050 4692    usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
19:07:36.0052 4692    usbhub - ok
19:07:36.0085 4692    usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
19:07:36.0086 4692    usbohci - ok
19:07:36.0200 4692    usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:07:36.0201 4692    usbprint - ok
19:07:36.0223 4692    USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:07:36.0224 4692    USBSTOR - ok
19:07:36.0322 4692    usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
19:07:36.0323 4692    usbuhci - ok
19:07:36.0431 4692    usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
19:07:36.0432 4692    usbvideo - ok
19:07:36.0646 4692    vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:07:36.0646 4692    vdrvroot - ok
19:07:36.0764 4692    vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:07:36.0765 4692    vga - ok
19:07:36.0863 4692    VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:07:36.0864 4692    VgaSave - ok
19:07:36.0968 4692    vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:07:36.0970 4692    vhdmp - ok
19:07:37.0010 4692    viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:07:37.0011 4692    viaide - ok
19:07:37.0092 4692    volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:07:37.0093 4692    volmgr - ok
19:07:37.0119 4692    volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:07:37.0121 4692    volmgrx - ok
19:07:37.0217 4692    volsnap         (9e425ac5c9a5a973273d169f43b4f5e1) C:\Windows\system32\drivers\volsnap.sys
19:07:37.0219 4692    volsnap - ok
19:07:37.0325 4692    vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:07:37.0326 4692    vsmraid - ok
19:07:37.0431 4692    vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:07:37.0432 4692    vwifibus - ok
19:07:37.0528 4692    vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:07:37.0529 4692    vwififlt - ok
19:07:37.0620 4692    WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:07:37.0621 4692    WacomPen - ok
19:07:37.0745 4692    WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:07:37.0746 4692    WANARP - ok
19:07:37.0768 4692    Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:07:37.0770 4692    Wanarpv6 - ok
19:07:37.0906 4692    Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:07:37.0906 4692    Wd - ok
19:07:37.0960 4692    Wdf01000        (442783e2cb0da19873b7a63833ff4cb4) C:\Windows\system32\drivers\Wdf01000.sys
19:07:37.0965 4692    Wdf01000 - ok
19:07:38.0110 4692    WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:07:38.0111 4692    WfpLwf - ok
19:07:38.0170 4692    WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:07:38.0171 4692    WIMMount - ok
19:07:38.0298 4692    WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:07:38.0298 4692    WmiAcpi - ok
19:07:38.0398 4692    ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:07:38.0399 4692    ws2ifsl - ok
19:07:38.0465 4692    WudfPf          (ab886378eeb55c6c75b4f2d14b6c869f) C:\Windows\system32\drivers\WudfPf.sys
19:07:38.0467 4692    WudfPf - ok
19:07:38.0588 4692    WUDFRd          (dda4caf29d8c0a297f886bfe561e6659) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:07:38.0590 4692    WUDFRd - ok
19:07:38.0627 4692    MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:07:39.0764 4692    \Device\Harddisk0\DR0 - ok
19:07:39.0799 4692    Boot (0x1200)   (7e460d68a8f7b6f5995973295ff96807) \Device\Harddisk0\DR0\Partition0
19:07:39.0800 4692    \Device\Harddisk0\DR0\Partition0 - ok
19:07:39.0817 4692    Boot (0x1200)   (fffe634ae9b913b3e272742c70615683) \Device\Harddisk0\DR0\Partition1
19:07:39.0817 4692    \Device\Harddisk0\DR0\Partition1 - ok
19:07:39.0820 4692    ============================================================
19:07:39.0820 4692    Scan finished
19:07:39.0820 4692    ============================================================
19:07:39.0833 3592    Detected object count: 0
19:07:39.0833 3592    Actual detected object count: 0
 

 

 
 
Here is aswMBR:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-12 22:10:39
-----------------------------
22:10:39.760    OS Version: Windows x64 6.1.7600 
22:10:39.761    Number of processors: 2 586 0x2505
22:10:39.761    ComputerName: GABRIEL-PC  UserName: Gabriel
22:10:41.576    Initialize success
22:11:46.263    AVAST engine defs: 13021201
22:11:48.016    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:11:48.021    Disk 0 Vendor: TOSHIBA_MK3276GSX GS002D Size: 305245MB BusType: 11
22:11:48.169    Disk 0 MBR read successfully
22:11:48.175    Disk 0 MBR scan
22:11:48.185    Disk 0 Windows VISTA default MBR code
22:11:48.191    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
22:11:48.229    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15166 MB offset 81920
22:11:48.246    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290038 MB offset 31141888
22:11:48.284    Disk 0 scanning C:\Windows\system32\drivers
22:12:01.563    Service scanning
22:12:34.239    Modules scanning
22:12:34.256    Disk 0 trace - called modules:
22:12:34.279    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
22:12:34.611    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032da400]
22:12:34.621    3 CLASSPNP.SYS[fffff8800148b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002c71680]
22:12:35.688    AVAST engine scan C:\Windows
22:12:37.577    AVAST engine scan C:\Windows\system32
22:16:41.157    AVAST engine scan C:\Windows\system32\drivers
22:16:53.501    AVAST engine scan C:\Users\Gabriel
22:17:51.529    Disk 0 MBR has been saved successfully to "C:\Users\Gabriel\Desktop\MBR.dat"
22:17:51.540    The log file has been saved successfully to "C:\Users\Gabriel\Desktop\aswMBR.txt"
 


#6 narenxp

Posted 13 February 2013 - 09:41 PM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text (*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log



#7 slaboskg

Posted 13 February 2013 - 10:57 PM

Malwarebytes:

 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.02.14.02
 
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Gabriel :: GABRIEL-PC [administrator]
 
2/13/2013 10:06:14 PM
mbam-log-2013-02-13 (22-06-14).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236816
Time elapsed: 5 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
MiniToolBox by Farbar  Version:10-01-2013
Ran by Gabriel (administrator) on 13-02-2013 at 22:08:33
Running from "C:\Users\Gabriel\Downloads"
Windows 7 Home Premium  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
::1 localhost
 
 
127.0.0.1 localhost
 
========================= IP Configuration: ================================
 
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Atheros AR8152 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Gabriel-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.mi.comcast.net.
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : F0-4D-A2-57-86-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 88-9F-FA-B1-C5-E7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
   Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
   Physical Address. . . . . . . . . : 1C-65-9D-E8-EA-48
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::98cf:2943:29b7:e4cb%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.17(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, February 13, 2013 10:02:15 PM
   Lease Expires . . . . . . . . . . : Wednesday, February 20, 2013 10:02:14 PM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 186410397
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-13-B0-2D-1C-65-9D-E8-EA-48
   DNS Servers . . . . . . . . . . . : 75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:833:26d8:f5ff:ffee(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::833:26d8:f5ff:ffee%15(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.hsd1.mi.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{6B67CC9F-B8C4-41AD-B772-90949F15E028}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{23E24862-F5DE-4CD2-9F7B-05FBB14A4479}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Name:    google.com
Addresses:  2607:f8b0:4009:803::1009
      74.125.225.7
      74.125.225.0
      74.125.225.14
      74.125.225.1
      74.125.225.8
      74.125.225.6
      74.125.225.3
      74.125.225.4
      74.125.225.9
      74.125.225.2
      74.125.225.5
 
 
Pinging google.com [74.125.225.72] with 32 bytes of data:
Reply from 74.125.225.72: bytes=32 time=20ms TTL=55
Reply from 74.125.225.72: bytes=32 time=21ms TTL=55
 
Ping statistics for 74.125.225.72:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 21ms, Average = 20ms
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=71ms TTL=51
Reply from 98.138.253.109: bytes=32 time=78ms TTL=51
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 71ms, Maximum = 78ms, Average = 74ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...f0 4d a2 57 86 b4 ......Atheros AR8152 PCI-E Fast Ethernet Controller
 12...88 9f fa b1 c5 e7 ......Bluetooth Device (Personal Area Network)
 11...1c 65 9d e8 ea 48 ......DW1501 Wireless-N WLAN Half-Mini Card
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.17     25
         10.0.0.0    255.255.255.0         On-link         10.0.0.17    281
        10.0.0.17  255.255.255.255         On-link         10.0.0.17    281
       10.0.0.255  255.255.255.255         On-link         10.0.0.17    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.17    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.17    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:9d38:953c:833:26d8:f5ff:ffee/128
                                    On-link
 11    281 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::833:26d8:f5ff:ffee/128
                                    On-link
 11    281 fe80::98cf:2943:29b7:e4cb/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/13/2013 07:09:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (02/13/2013 07:09:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (02/13/2013 00:46:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (02/13/2013 00:45:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (02/13/2013 00:45:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (02/12/2013 10:19:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (02/12/2013 10:19:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (02/12/2013 08:50:18 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
 
Error: (02/12/2013 01:57:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (02/11/2013 00:06:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: qbw32.exe, version: 22.0.4005.2206, time stamp: 0x4ede3917
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x059ac760
Faulting process id: 0x1e00
Faulting application start time: 0xqbw32.exe0
Faulting application path: qbw32.exe1
Faulting module path: qbw32.exe2
Report Id: qbw32.exe3
 
 
System errors:
=============
Error: (02/13/2013 10:02:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
is3srv
 
Error: (02/13/2013 10:02:20 PM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error: 
%%2
 
Error: (02/13/2013 08:17:39 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/13/2013 04:55:54 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/13/2013 03:31:12 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
is3srv
 
Error: (02/13/2013 03:31:03 AM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error: 
%%2
 
Error: (02/12/2013 09:50:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
is3srv
 
Error: (02/12/2013 09:50:38 PM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error: 
%%2
 
Error: (02/12/2013 07:11:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
is3srv
 
Error: (02/12/2013 07:11:26 PM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (02/13/2013 07:09:44 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Gabriel\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (02/13/2013 07:09:40 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Gabriel\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (02/13/2013 00:46:06 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestc:\Users\Gabriel\downloads\esetsmartinstaller_enu.exe
 
Error: (02/13/2013 00:45:51 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (02/13/2013 00:45:28 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (02/12/2013 10:19:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Gabriel\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/12/2013 10:19:31 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Gabriel\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/12/2013 08:50:18 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
 
Error: (02/12/2013 01:57:41 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (02/11/2013 00:06:45 AM) (Source: Application Error)(User: )
Description: qbw32.exe22.0.4005.22064ede3917unknown0.0.0.000000000c0000005059ac7601e0001ce07e9ec6b5ddaC:\Program Files (x86)\Intuit\QuickBooks 2012\qbw32.exeunknownd47736ce-7408-11e2-8a3c-f04da25786b4
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.0.29082)
24x7 Help (Version: 1.0.0.20)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.149)
Adobe Flash Player 11 Plugin (Version: 11.5.502.149)
Adobe Reader X (10.1.3) (Version: 10.1.3)
ARO 2011 (Version: 7.0)
Ask Toolbar (Version: 1.13.1.0)
Avira Free Antivirus (Version: 12.1.9.1236)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Dell Edoc Viewer (Version: 1.0.0)
DW WLAN Card Utility (Version: 5.60.48.18)
EPSON Artisan 730 Series Printer Uninstall
ESET Online Scanner v3
Google Chrome (Version: 64.228.63)
Google Drive (Version: 1.7.4018.3496)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.123)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2104)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 29 (64-bit) (Version: 6.0.290)
Java™ 6 Update 30 (Version: 6.0.300)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office XP Small Business (Version: 10.0.2627.01)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 18.0 (x86 en-US) (Version: 18.0)
Mozilla Maintenance Service (Version: 18.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
PC Fix Speed 1.2.0.24 (Version: 1.2.0.24)
QuickBooks (Version: 22.0.4005.2206)
QuickBooks 2012 Company Files
QuickBooks Premier: Accountant Edition 2012 (Version: 22.0.4005.2206)
Search Protect by conduit (Version: 1.3.0.184)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Skype Click to Call (Version: 5.8.8855)
Skype™ 5.8 (Version: 5.8.154)
Spybot - Search & Destroy (Version: 1.6.2)
STOPzilla (Version: 5.0.97.33)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
WhiteSmoke B Toolbar (Version: 6.10.3.804)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 2932.52 MB
Available physical RAM: 1143.38 MB
Total Pagefile: 5863.15 MB
Available Pagefile: 3621.79 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.41 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:283.24 GB) (Free:235.7 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\GABRIEL-PC
 
Administrator            Gabriel                  Guest                    
Jane                     
 
 
**** End of log ****
 
 
Farbar Service Scanner Version: 10-02-2013
Ran by Gabriel (administrator) on 13-02-2013 at 22:11:07
Running from "C:\Users\Gabriel\Downloads"
Windows 7 Home Premium  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-12 19:28] - [2013-01-04 00:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
# AdwCleaner v2.112 - Logfile created 02/13/2013 at 22:14:22
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Gabriel - GABRIEL-PC
# Boot Mode : Normal
# Running from : C:\Users\Gabriel\Downloads\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
Found : 24x7HelpSvc
Found : CltMngSvc
Found : WajamUpdater
 
***** [Files / Folders] *****
 
File Found : C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ep2agqvt.default\searchplugins\Conduit.xml
File Found : C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ep2agqvt.default\searchplugins\funmoods.xml
File Found : C:\Users\Public\Desktop\24x7 Help.lnk
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\Program Files (x86)\WhiteSmoke_B
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Found : C:\Users\Gabriel\AppData\Local\Conduit
Folder Found : C:\Users\Gabriel\AppData\Local\SwvUpdater
Folder Found : C:\Users\Gabriel\AppData\Local\Temp\CT3279141
Folder Found : C:\Users\Gabriel\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Gabriel\AppData\LocalLow\Conduit
Folder Found : C:\Users\Gabriel\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Gabriel\AppData\LocalLow\WhiteSmoke_B
Folder Found : C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ep2agqvt.default\CT3279141
Folder Found : C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ep2agqvt.default\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
Folder Found : C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ep2agqvt.default\extensions\ffxtlbr@funmoods.com
Folder Found : C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ep2agqvt.default\Smartbar
Folder Found : C:\Users\Gabriel\AppData\Roaming\SearchProtect
Folder Found : C:\Users\Jane\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Jane\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jane\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Jane\AppData\LocalLow\WhiteSmoke_B
Folder Found : C:\Users\Jane\AppData\Roaming\SearchProtect
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Found : HKCU\Software\24x7HELP
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_B
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181102}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181102}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\24x7HELP
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\WhiteSmoke_B
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{09B1E734-F2E9-49ED-916A-8ECED944EB8D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181102}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7C6BAD7-BA87-4905-AE2A-8705F8B2CBE1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181102}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_B Toolbar
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3279141&octid=CT3279141&SearchSource=61&CUI=UN91476669387492667&UM=UM_ID&UP=SP1ECB8BB0-9C78-4534-B46A-B6D2AC85B46A&SSPV=SP_IEWSP06
 
-\\ Mozilla Firefox v18.0 (en-US)
 
File : C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ep2agqvt.default\prefs.js
 
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [38344 octets] - [13/02/2013 22:14:22]
 
########## EOF - C:\AdwCleaner[R1].txt - [38405 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.3 (02.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gabriel on Wed 02/13/2013 at 22:27:08.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1036903982-3704318840-2887217120-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcfixspeed"
Successfully deleted: [Folder] "C:\Users\Gabriel\AppData\Roaming\pcfixspeed"
Successfully deleted: [Folder] "C:\Users\Gabriel\appdata\local\shopping sidekick plugin"
Successfully deleted: [Folder] "C:\Program Files (x86)\pcfixspeed"
Successfully deleted: [Folder] "C:\Program Files (x86)\shopping sidekick plugin"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Gabriel\AppData\Roaming\mozilla\firefox\profiles\ep2agqvt.default\prefs.js
 
user_pref("extensions.crossrider.bic", "13caad3367dbe6ffbfe44b243350abf5");
 
 
 
~~~ Chrome
 
Dumping contents of C:\Users\Gabriel\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Gabriel\appdata\local\Google\Chrome\User Data\Default\Default\aadhgfdgdjgddjgcdcdjdddhdedeggdc
C:\Users\Gabriel\appdata\local\Google\Chrome\User Data\Default\Default\aadhgfdgdjgddjgcdcdjdddhdedeggdc\ContentScript.js
C:\Users\Gabriel\appdata\local\Google\Chrome\User Data\Default\Default\aadhgfdgdjgddjgcdcdjdddhdedeggdc\manifest.json
 
Successfully deleted: [Folder] C:\Users\Gabriel\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/13/2013 at 22:47:08.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/13/2013 10:49:41 PM in x64 mode.
Windows Version: Windows 7 Home Premium 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Gabriel\Downloads\JRT.exe (PID: 2192) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Gabriel\Desktop\rkill\rkill-02-13-2013-10-49-53.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!
 
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\.exe has been deleted!
  * HKCU\SOFTWARE\Classes\exefile has been deleted!
 
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 localhost
  ::1 localhost
 
Program finished at: 02/13/2013 10:50:57 PM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)
 
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""
+ "rdpclip"    ""    ""    "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Broadcom Wireless Manager UI"    "DW WLAN Card Wireless Network Tray Applet"    "Dell Inc."    "c:\program files\dell\dw wlan card\wltray.exe"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"
+ "IgfxTray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"
+ "Persistence"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "avgnt"    "Avira System Tray Tool"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avgnt.exe"
+ "Intuit SyncManager"    "IntuitSyncManager"    "Intuit Inc. All rights reserved."    "c:\program files (x86)\common files\intuit\sync\intuitsyncmanager.exe"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "Bluetooth.lnk"    "Bluetooth Tray Application"    "Broadcom Corporation."    "c:\program files\widcomm\bluetooth software\bttray.exe"
+ "Intuit Data Protect.lnk"    "Intuit Data Protect"    "Intuit Inc."    "c:\program files (x86)\common files\intuit\dataprotect\intuitdataprotect.exe"
+ "McAfee Security Scan Plus.lnk"    "McAfee Security Scanner Scheduler"    "McAfee, Inc."    "c:\program files (x86)\mcafee security scan\3.0.318\ssscheduler.exe"
+ "Microsoft Office.lnk"    "Microsoft Office XP component"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office10\osa.exe"
+ "QuickBooks Update Agent.lnk"    "QuickBooks Automatic Update"    "Intuit Inc."    "c:\program files (x86)\common files\intuit\quickbooks\qbupdate\qbupdate.exe"
+ "QuickBooks_Standard_21.lnk"    "QuickBooks"    "Intuit Inc."    "c:\program files (x86)\intuit\quickbooks 2012\qbw32.exe"
+ "Secunia PSI Tray.lnk"    "Secunia PSI Tray"    "Secunia"    "c:\program files (x86)\secunia\psi\psi_tray.exe"
"C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "OpenOffice.org 3.3.lnk"    ""    ""    "c:\program files (x86)\openoffice.org 3\program\quickstart.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Google Chrome"    "Google Chrome"    "Google Inc."    "c:\program files (x86)\google\chrome\application\24.0.1312.57\installer\chrmstp.exe"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "AROReminder"    "ARO 2011"    "Support.com"    "c:\program files (x86)\aro 2011\aro.exe"
+ "EPSON Artisan 730 Series"    "EPSON Status Monitor 3"    "SEIKO EPSON CORPORATION"    "c:\windows\system32\spool\drivers\x64\3\e_iatihqa.exe"
+ "Skype"    "Skype"    "Skype Technologies S.A."    "c:\program files (x86)\skype\phone\skype.exe"
+ "swg"    "GoogleToolbarNotifier"    "Google Inc."    "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Shell Extension for Malware scanning"    "Avira Shell Extension Library 64-bit"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\shlext64.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers"    ""    ""    ""
+ "Monitor"    "BTNCopy Module"    "Broadcom Corporation."    "c:\program files\widcomm\bluetooth software\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"    ""    "OpenOffice.org"    "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl_x64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"    ""    "OpenOffice.org"    "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "Shell Extension for Malware scanning"    "Avira Shell Extension Library 64-bit"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\shlext64.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "GDriveBlacklistedOverlay"    "Google Drive shell extension"    "Google"    "c:\program files (x86)\google\drive\googledrivesync64.dll"
+ "GDriveSharedOverlay"    "Google Drive shell extension"    "Google"    "c:\program files (x86)\google\drive\googledrivesync64.dll"
+ "GDriveSyncedOverlay"    "Google Drive shell extension"    "Google"    "c:\program files (x86)\google\drive\googledrivesync64.dll"
+ "GDriveSyncingOverlay"    "Google Drive shell extension"    "Google"    "c:\program files (x86)\google\drive\googledrivesync64.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Google Toolbar Helper"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Sun Microsystems, Inc."    "c:\program files\java\jre6\bin\jp2ssv.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Sun Microsystems, Inc."    "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "MSS+ Identifier"    "Quick Browser Identifier for MSS+ Tool"    "McAfee, Inc."    "c:\program files (x86)\mcafee security scan\3.0.318\mcafeemss_ie.dll"
+ "Skype Browser Helper"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Spybot-S&D IE Protection"    "SBSD IE Protection"    "Safer Networking Limited"    "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "Google Toolbar"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "Google Toolbar"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "Send to &Bluetooth Device..."    ""    ""    "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "Send to &Bluetooth Device..."    ""    ""    "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
+ "Skype Click to Call"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Spybot - Search & Destroy Configuration"    "SBSD IE Protection"    "Safer Networking Limited"    "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
"Task Scheduler"    ""    ""    ""
+ "\Adobe Flash Player Updater"    "Adobe® Flash® Player Update Service 11.5 r502"    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\GoogleUpdateTaskMachineCore"    "Google Installer"    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA"    "Google Installer"    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"
+ "\Scheduled Update for Ask Toolbar"    ""    ""    "File not found: C:\Program Files (x86)\Ask.com\UpdateTask.exe"
+ "\Updater21802.exe"    ""    ""    "File not found: C:\Users\Gabriel\AppData\Local\Updater21802\Updater21802.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AntiVirSchedulerService"    "Service to schedule Avira Free Antivirus jobs and updates."    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\sched.exe"
+ "AntiVirService"    "Offers permanent protection against viruses and malware with the Avira search engine."    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avguard.exe"
+ "btwdins"    "Handles installation and removal of Bluetooth devices."    "Broadcom Corporation."    "c:\program files\widcomm\bluetooth software\btwdins.exe"
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc"    "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work."    "Google"    "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "MBAMScheduler"    "Malwarebytes Anti-Malware scheduler"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService"    "Malwarebytes Anti-Malware service"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "McComponentHostService"    "McAfee Security Scan Component Host Service"    "McAfee, Inc."    "c:\program files (x86)\mcafee security scan\3.0.318\mcchsvc.exe"
+ "MDM"    "Manages local and remote debugging for Visual Studio debuggers"    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\vs7debug\mdm.exe"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "QBCFMonitorService"    "QuickBooks Company File Monitoring Service"    "Intuit"    "c:\program files (x86)\common files\intuit\quickbooks\qbcfmonitorservice.exe"
+ "QBFCService"    "QuickBooks FCS module"    "Intuit Inc."    "c:\program files (x86)\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe"
+ "QBVSS"    "Enables standard users to access Intuit Data Protect service."    "Intuit Inc."    "c:\program files (x86)\common files\intuit\dataprotect\qbidpservice.exe"
+ "SBSDWSCService"    "Spybot-S&D Security Center integration"    "Safer Networking Ltd."    "c:\program files (x86)\spybot - search & destroy\sdwinsec.exe"
+ "Secunia PSI Agent"    "Performs routine software inspections of the system, the results of which can be seen in your Secunia PSI"    "Secunia"    "c:\program files (x86)\secunia\psi\psia.exe"
+ "Secunia Update Agent"    "Performs routine updates of selected software on the system, the results of which can be seen in your Secunia PSI"    "Secunia"    "c:\program files (x86)\secunia\psi\sua.exe"
+ "szserver"    "STOPzilla Service"    "iS3, Inc."    "c:\program files (x86)\common files\is3\anti-spyware\szserver.exe"
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"
+ "wltrysvc"    "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant."    "Dell Inc."    "c:\program files\dell\dw wlan card\wltrysvc.exe"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"
+ "avgntflt"    "Avira mini-filter driver"    "Avira GmbH"    "c:\windows\system32\drivers\avgntflt.sys"
+ "avipbb"    "Avira Security Enhancement Driver"    "Avira GmbH"    "c:\windows\system32\drivers\avipbb.sys"
+ "avkmgr"    "Avira Manager Driver"    "Avira GmbH"    "c:\windows\system32\drivers\avkmgr.sys"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM42RLY"    "Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver"    "Broadcom Corporation"    "c:\windows\system32\drivers\bcm42rly.sys"
+ "BCM43XX"    "Broadcom 802.11 Network Adapter wireless driver"    "Broadcom Corporation"    "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"
+ "btwaudio"    "Bluetooth Audio Device"    "Broadcom Corporation."    "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt"    "Broadcom Bluetooth AVDT Service"    "Broadcom Corporation."    "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap"    "Broadcom Bluetooth L2CAP Service"    "Broadcom Corporation."    "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid"    "Bluetooth Remote Control HID Minidriver"    "Broadcom Corporation."    "c:\windows\system32\drivers\btwrchid.sys"
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd"    "Intel® Turbo Boost Technology Driver"    "Intel Corporation"    "c:\windows\system32\drivers\impcd.sys"
+ "IntcDAud"    "Intel® Display Audio Driver"    "Intel® Corporation"    "c:\windows\system32\drivers\intcdaud.sys"
+ "is3srv"    "szkg Device Driver"    "iS3 Inc."    "c:\windows\syswow64\drivers\is3srv64.sys"
+ "L1C"    "Atheros L1c PCI-E Gigabit Ethernet Controller"    "Atheros Communications, Inc."    "c:\windows\system32\drivers\l1c62x64.sys"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mbam.sys"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"
+ "PSI"    "PSI mini-filter driver"    "Secunia"    "c:\windows\system32\drivers\psi_mf.sys"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"
+ "szkg5"    "szkg Device Driver"    "iS3 Inc."    "c:\windows\syswow64\drivers\szkg64.sys"
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"    ""    ""    ""
+ "BtwCredentialProvider"    "BtwCP DLL"    "Broadcom Corporation."    "c:\program files\widcomm\bluetooth software\btwcp.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""
+ "igfxcui"    "igfxdev Module"    "Intel Corporation"    "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""
+ "EPSON Artisan 730 Series 64MonitorBA"    "EPSON Bi-directional Monitor AMD64"    "SEIKO EPSON CORPORATION"    "c:\windows\system32\e_ilmhqa.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order"    ""    ""    ""
+ "BCMLogon"    "DW WLAN Card Logon Provider"    "Dell Inc."    "c:\windows\system32\bcmlogon.dll"
 
 


#8 narenxp


Posted 13 February 2013 - 11:12 PM

Launch Adware cleaner and select DELETE, then post the new log



#9 slaboskg


Posted 13 February 2013 - 11:57 PM

# AdwCleaner v2.112 - Logfile created 02/13/2013 at 23:53:00
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Gabriel - GABRIEL-PC
# Boot Mode : Normal
# Running from : C:\Users\Gabriel\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files (x86)\Ask.com
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v18.0 (en-US)
 
File : C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ep2agqvt.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [38433 octets] - [13/02/2013 22:14:22]
AdwCleaner[S1].txt - [39533 octets] - [13/02/2013 22:15:06]
AdwCleaner[S2].txt - [1082 octets] - [13/02/2013 23:53:00]
 
########## EOF - C:\AdwCleaner[S2].txt - [1142 octets] ##########


#10 narenxp


Posted 14 February 2013 - 02:46 AM


That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



#11 slaboskg


Posted 15 February 2013 - 06:00 PM

Awesome. Thank you!!!



#12 narenxp


Posted 15 February 2013 - 06:06 PM

You're welcome :)



#13 slaboskg


Posted 15 February 2013 - 08:34 PM

Hey, so actually, everything was great for about an hour and now everything is messed up. Webpages are loading funny and Internet Explorer doesn't work at all. Any idea what could be wrong?



#14 slaboskg


Posted 15 February 2013 - 08:44 PM

For instance, I can look at Google Maps but I can't get directions. I can load websites but sometimes they appear with a white background and everything in a row going down the page, then when I reload it will load normally.



#15 narenxp


Posted 15 February 2013 - 09:47 PM

Press the Windows+R keys and type

inetcpl.cpl and click OK

Click on the Advanced tab and click on the RESET option

Make sure to checkmark the Delete personal settings option and click OK

 

Does it work now?


Edited by narenxp, 15 February 2013 - 09:48 PM.




