Redirected to ad sites, links being changed


9 replies to this topic

#1 JoeThing

Posted 22 March 2013 - 10:37 PM

Hello, I've recently run into an issue where occasionally, when I click on a link while using Firefox under Windows 7, I am redirected to an ad site. I'm not sure if I should post the ad site url here, but the name that I keep seeing before it loads is "purchasereviews". After it does this, it seems to send me to "adfly", and then the ad is skipped and I am sent to Google. I'm unsure at the moment if it is sending me to my homepage, which is Google, or if it is just sending me to Google (what I mean is if I changed my homepage, I'm not sure if it'll send me there instead or still send me to Google). Something that I recently discovered is that all of the links on one page get changed to the "purchasereviews" website once in a while. I've taken screenshots of this and uploaded them. You can see what the links are in the bottom-left corner. I caught the links that were changed in the first screenshot compared to when the links are sometimes normal, which is the second screenshot. I'm not sure if Tinypic is the best place for uploading screenshots, but here they are:

 

Links are changed:

http://tinypic.com/view.php?pic=2wcqrfo&s=6

 

Normal, no changed links:

http://tinypic.com/view.php?pic=2rg03yr&s=6

 

I'm unsure what is causing this. So far, I've downloaded Malwarebytes (which was very difficult because of this redirecting issue) and ran it. It detected some things but removed them and rebooted. The problem still occurs though. I also ran Windows Defender and it says my computer is running normally, though I know it isn't. I have also tried "Hitman Pro" which was recommended to someone in a Google search. That program also found a few things and deleted them. It then rebooted again, but my PC still has this issue, and it is really irritating. I think either my mom or sister may have picked the virus up somewhere. I'm always careful with the sites I visit, and I usually go to the same ones all the time. My sister and mother go to many different sites, however, and they aren't as careful because my mother has almost fallen for the tricks that some websites pull. But, basically, I'm writing this because I'm unsure what site could have possibly given the PC this virus. I would check the history, but I have a habit of erasing it every time I shut it down and didn't think of keeping it to check before I erased it. I'm unsure how long this has been happening, since the internet at my home is so slow that it would never load the page, or it would time out and so I would rarely use it, though my mother and sister have the patience to use it. I'm currently at my aunt's house where the internet is much faster and I figured out that I was being redirected like this barely now. I would greatly appreciate any help that anyone has to offer to me.




 


#2 narenxp

  • BC Advisor

Posted 22 March 2013 - 10:40 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to a forum upgrade, you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log


 



#3 JoeThing

  • Topic Starter

Posted 23 March 2013 - 08:24 PM

Okay, the scans took a while and I also had to do some things, but here are the requested files. For the TDSSKiller, I'm not sure why but there were two logs, one is longer than the other, but I posted both.

 

First TDSSKiller Log:

 

21:43:43.0902 2840  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:43:44.0308 2840  ============================================================
21:43:44.0308 2840  Current date / time: 2013/03/22 21:43:44.0308
21:43:44.0308 2840  SystemInfo:
21:43:44.0308 2840  
21:43:44.0308 2840  OS Version: 6.1.7601 ServicePack: 1.0
21:43:44.0308 2840  Product type: Workstation
21:43:44.0308 2840  ComputerName: PC
21:43:44.0308 2840  UserName: jewel
21:43:44.0308 2840  Windows directory: C:\Windows
21:43:44.0308 2840  System windows directory: C:\Windows
21:43:44.0308 2840  Running under WOW64
21:43:44.0308 2840  Processor architecture: Intel x64
21:43:44.0308 2840  Number of processors: 2
21:43:44.0308 2840  Page size: 0x1000
21:43:44.0308 2840  Boot type: Normal boot
21:43:44.0308 2840  ============================================================
21:43:45.0712 2840  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:43:45.0727 2840  ============================================================
21:43:45.0727 2840  \Device\Harddisk0\DR0:
21:43:45.0727 2840  MBR partitions:
21:43:45.0727 2840  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:43:45.0727 2840  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38444000
21:43:45.0727 2840  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x384A8000, BlocksNum 0x1EAA000
21:43:45.0727 2840  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
21:43:45.0727 2840  ============================================================
21:43:45.0743 2840  C: <-> \Device\Harddisk0\DR0\Partition2
21:43:45.0790 2840  D: <-> \Device\Harddisk0\DR0\Partition3
21:43:45.0790 2840  ============================================================
21:43:45.0790 2840  Initialize success
21:43:45.0790 2840  ============================================================
21:44:09.0330 1608  Deinitialize success
 

Second TDSSKiller Log (last few lines):

 


21:50:18.0441 5484  ============================================================
21:50:18.0441 5484  Scan finished
21:50:18.0441 5484  ============================================================
21:50:18.0457 5476  Detected object count: 0
21:50:18.0457 5476  Actual detected object count: 0
21:51:01.0388 2248  Deinitialize success
 

Rkill Log:

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/22/2013 09:58:01 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\PSIService.exe (PID: 2848) [WD-HEUR]
 * C:\Program Files\Java\jre6\bin\jusched.exe (PID: 1208) [FI]
 * C:\ProgramData\Boxtools\Toolbox.exe (PID: 2228) [AU-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\jewel\Desktop\rkill\rkill-03-22-2013-09-58-46.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Manual

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 activate.adobe.com
  127.0.0.1 lmlicenses.wip4.adobe.com
  127.0.0.1 lm.licenses.adobe.com

Program finished at: 03/22/2013 09:58:53 PM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)
 

JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by jewel on Sat 03/23/2013 at 18:49:00.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{4b3803ea-5230-4dc3-a7fc-33638f3d3542}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{4b3803ea-5230-4dc3-a7fc-33638f3d3542}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d7e97865-918f-41e4-9cd0-25ab1c574ce8}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d7e97865-918f-41e4-9cd0-25ab1c574ce8}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{f3fee66e-e034-436a-86e4-9690573bee8a}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{f3fee66e-e034-436a-86e4-9690573bee8a}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3916399014-2223131724-3538580664-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-3916399014-2223131724-3538580664-1000\software\web assistant"
Successfully deleted: [Registry Key] hkey_local_machine\software\application updater
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\ctoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\ctoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\inbox toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\inbox toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\search settings
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\utorrentbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctbr.r404pro
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctoolbar.tb4client
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctoolbar.tb4script
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctoolbar.tb4server
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\inbox
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\tbr
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ctoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\new_correct_incredibar_install_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\new_correct_incredibar_install_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\crawler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{4b3803ea-5230-4dc3-a7fc-33638f3d3542}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{c04b7d22-5aec-4561-8f49-27f6269208f6}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d3d233d5-9f6d-436c-b6c7-e63f77503b30}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d3d233d5-9f6d-436c-b6c7-e63f77503b30}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d7e97865-918f-41e4-9cd0-25ab1c574ce8}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{f3fee66e-e034-436a-86e4-9690573bee8a}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\Users\jewel\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\jewel\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\jewel\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\jewel\appdata\locallow\inbox toolbar"
Successfully deleted: [Folder] "C:\Users\jewel\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\jewel\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Users\jewel\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\crawler"
Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"
Successfully deleted: [Folder] "C:\Program Files (x86)\inbox toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inbox toolbar"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\jewel\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Failed to delete: [Folder] C:\Users\jewel\AppData\Roaming\mozilla\firefox\profiles\vz620gv8.default-1359706710463\extensions\ytd@mybrowserbar.com
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted the following from C:\Users\jewel\AppData\Roaming\mozilla\firefox\profiles\vz620gv8.default-1359706710463\prefs.js

user_pref("browser.newtabpage.blocked", "{\"36wqwvgQK7+9TvGKJH10yw==\":1,\"1R8Fn5fZ+KDbe8qVy8dS1g==\":1,\"53Mi/GDVixbZSHEJrvfYgA==\":1,\"UA7zbFopVUhlNoHYaBqTfA==\":1,\"8g3B70V
Emptied folder: C:\Users\jewel\AppData\Roaming\mozilla\firefox\profiles\vz620gv8.default-1359706710463\minidumps [105 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\jewel\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/23/2013 at 19:00:14.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
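
A long JRT log like the one above is easier to review when the actions are tallied per section and any failed removals are pulled out. The following Python script is an added example, not part of the original posts and not code from JRT or BleepingComputer; the sample is an excerpt of the log above, and the function names are illustrative assumptions.

```python
import re
from collections import Counter

# Excerpt of the JRT log posted above (a few lines per section), embedded so
# the script runs offline. Paths and names are the ones shown in that log.
SAMPLE_LOG = r"""
~~~ Services

Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Failed to delete: [Folder] C:\Users\jewel\AppData\Roaming\mozilla\firefox\profiles\vz620gv8.default-1359706710463\extensions\ytd@mybrowserbar.com
Successfully deleted the following from C:\Users\jewel\AppData\Roaming\mozilla\firefox\profiles\vz620gv8.default-1359706710463\prefs.js
Emptied folder: C:\Users\jewel\AppData\Roaming\mozilla\firefox\profiles\vz620gv8.default-1359706710463\minidumps [105 files]

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

~~~ Event Viewer Logs were cleared
"""

# Section headers look like "~~~ Services"; the all-tilde banner lines have no
# space after the third tilde and therefore do not match.
SECTION_RE = re.compile(r"^~~~ (.+)$")
# Action lines look like "<action>: [<kind>] <target>".
ENTRY_RE = re.compile(r"^(Successfully \w+|Failed to \w+): \[([^\]]+)\]\s+(.+)$")


def parse_jrt_log(text):
    """Return one dict per action line, tagged with the section it appeared in."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            action, kind, target = m.groups()
            entries.append({
                "section": section,
                "action": action,
                "kind": kind,
                "target": target.strip('"'),  # JRT quotes some paths
            })
    return entries


def summarize(entries):
    """Count entries per (section, action) pair."""
    return Counter((e["section"], e["action"]) for e in entries)


def failures(entries):
    """Entries the tool reported it could not complete."""
    return [e for e in entries if e["action"].startswith("Failed")]


if __name__ == "__main__":
    parsed = parse_jrt_log(SAMPLE_LOG)
    for (section, action), count in sorted(summarize(parsed).items()):
        print(f"{section:16} {action:22} {count}")
    for e in failures(parsed):
        print(f"NOT REMOVED [{e['kind']}] in section {e['section']}: {e['target']}")
```

Run against the full log, the failure list shows which items were left behind and still need follow-up.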
 



#4 JoeThing

  • Topic Starter

Posted 23 March 2013 - 08:27 PM

Also, thank you in advance for the help.

 

EDIT: I went to a download link that was previously always sending me to the ad site. From the bottom-left corner where it tells you the URL, it's actually normal, though I'm not going to download it or go into that link just in case.


Edited by JoeThing, 23 March 2013 - 08:30 PM.


#5 narenxp

  • BC Advisor

Posted 23 March 2013 - 08:37 PM

ESET log?
 
Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • MBAR log

Edited by narenxp, 23 March 2013 - 08:37 PM.


#6 JoeThing


Posted 23 March 2013 - 08:43 PM

Sorry about that, here's the ESET:

 

C:\Users\All Users\Ask\APN-Stub\PF\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\Laplink\PCmover\ThirdParty\registrybooster.exe    a variant of Win32/RegistryBooster application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.10    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.11    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.12    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.13    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.14    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.15    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.16    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.17    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.18    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.19    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.20    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.21    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.5    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.6    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.7    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.8    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.9    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\ProgramData\Ask\APN-Stub\PF\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\jewel\AppData\Local\Downloaded Installations\{1975FDD5-4BDD-4257-8D27-D8A4DA128159}\PCmover Professional.msi    multiple threats    deleted - quarantined
C:\Users\jewel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\173M7M8C\bi_downloader[1].exe    a variant of Win32/Somoto.A application    cleaned by deleting - quarantined
C:\Users\jewel\AppData\Local\Temp\DTLite4461-0328.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\jewel\AppData\Local\Temp\far3hY70.exe.part    a variant of Win32/SoftonicDownloader.E application    cleaned by deleting - quarantined
C:\Users\jewel\AppData\Local\Temp\nsqDC48.tmp    a variant of Win32/Somoto.A application    cleaned by deleting - quarantined
C:\Users\jewel\Documents\MAGIX Downloads\Installationsmanager\Video_easy_3_HD_DLV_en-US_110414_16-04_3_0_0_23.exe    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Users\jewel\Downloads\flash\crack\ADOBE.CS6.0.MASTER.COLLECTION.WIN.OSX.KEYGEN-XFORCE\Crack-Windows\disable_activation.cmd    BAT/HostsChanger.A application    cleaned by deleting - quarantined
C:\Users\jewel\Downloads\FLStudio\FruityLoops.Studio.10.0.9.Producer.Edition.Final-P2P\flstudio_10.0.9.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Windows\Installer\59ba2.msi    a variant of Win32/Toolbar.Widgi application    deleted - quarantined
C:\Windows\Installer\d1ef66.msi    multiple threats    deleted - quarantined
 

 

I'm also going to do those scans you replied with. Thank you again.
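A triage of the ESET log posted above, as an added example that is not part of the original post or of any tool named in this thread: it groups detections by family and lists entries with no recorded action, treating `C:\Users\All Users` as the Windows alias of `C:\ProgramData` so that the same file reported under both paths is not counted as an unresolved item. The column layout (tabs or runs of spaces), the "application" suffix stripping, and the names `parse`, `triage`, `canonical` and `family` are assumptions of this example.

```python
import re
from collections import Counter, namedtuple
from ntpath import normcase, normpath

# Lines copied from the ESET log in the post above; columns are separated
# by tabs or runs of spaces, and the first line has no action column.
SAMPLE_LOG = r"""
C:\Users\All Users\Ask\APN-Stub\PF\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\ProgramData\Ask\APN-Stub\PF\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\jewel\AppData\Local\Downloaded Installations\{1975FDD5-4BDD-4257-8D27-D8A4DA128159}\PCmover Professional.msi    multiple threats    deleted - quarantined
C:\Users\jewel\Downloads\flash\crack\ADOBE.CS6.0.MASTER.COLLECTION.WIN.OSX.KEYGEN-XFORCE\Crack-Windows\disable_activation.cmd    BAT/HostsChanger.A application    cleaned by deleting - quarantined
"""

Detection = namedtuple("Detection", "path detection action")

# On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData,
# so a scanner that walks both reports the same file twice.
ALIASES = {r"c:\users\all users": r"c:\programdata"}


def canonical(path):
    """Lower-case and normalise a Windows path, then resolve known aliases."""
    p = normcase(normpath(path))
    for alias, target in ALIASES.items():
        if p == alias or p.startswith(alias + "\\"):
            return target + p[len(alias):]
    return p


def family(detection):
    """Reduce 'a variant of X application' to the bare detection name X."""
    name = re.sub(r"^a variant of ", "", detection)
    return re.sub(r" application$", "", name)


def parse(log):
    """Split each log line into path, detection name and (optional) action."""
    rows = []
    for line in log.splitlines():
        # Single spaces occur inside paths and names, so only tabs or
        # runs of two or more spaces count as column separators.
        fields = re.split(r"\t+| {2,}", line.strip())
        if len(fields) < 2:
            continue  # blank or unparseable line
        action = fields[2] if len(fields) > 2 else ""
        rows.append(Detection(fields[0], fields[1], action))
    return rows


def triage(rows):
    """Return (count per family, unresolved paths, alias duplicates)."""
    handled = {canonical(r.path) for r in rows if r.action}
    by_family = Counter(family(r.detection) for r in rows)
    unresolved, aliased = [], []
    for r in rows:
        if r.action:
            continue
        # No action recorded: either the same file was handled under its
        # other path, or it is still on disk and needs a follow-up.
        (aliased if canonical(r.path) in handled else unresolved).append(r.path)
    return by_family, unresolved, aliased


if __name__ == "__main__":
    by_family, unresolved, aliased = triage(parse(SAMPLE_LOG))
    for name, count in by_family.most_common():
        print(f"{count:3d}  {name}")
    print("No action recorded, still unresolved:", unresolved or "none")
    print("No action recorded, handled under an aliased path:", aliased or "none")
```
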



#7 JoeThing


Posted 23 March 2013 - 10:02 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
jewel :: PC [administrator]

3/23/2013 7:43:49 PM
mbam-log-2013-03-23 (19-43-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System |

Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229518
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox Log:

MiniToolBox by Farbar  Version:05-03-2013
Ran by jewel (administrator) on 23-03-2013 at 19:52:36
Running from "C:\Users\jewel\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
*****************************************************

**********************

========================= Flush DNS:

===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings:

==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings:

==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content:

=================================



127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com

========================= IP Configuration:

================================

Qualcomm Atheros AR5009 802.11a/g/n WiFi Adapter = Wireless

Network Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only

Network (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media

disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network

Connection 2 (Media disconnected)
PdaNet Broadband Adapter = Local Area Connection 4 (Media

disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VirtualBox Host-Only Network"

address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home

Ethernet adapter Local Area Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : PdaNet Broadband Adapter
   Physical Address. . . . . . . . . : 00-26-37-BD-39-42
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 22-03-7F-8E-95-48
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-26-9E-35-6E-91
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Qualcomm Atheros AR5009 802.11a/g/n

WiFi Adapter
   Physical Address. . . . . . . . . : 00-03-7F-8E-95-48
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd00::d075:f4d4:f3df:3c5d(Preferred)
   Temporary IPv6 Address. . . . . . : fd00::6566:c665:8586:eac8

(Preferred)
   Link-local IPv6 Address . . . . . : fe80::d075:f4d4:f3df:3c5d%10

(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, March 22, 2013 9:45:19 PM
   Lease Expires . . . . . . . . . . : Sunday, March 24, 2013 9:45:24 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       205.171.2.25
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-24-F6
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::344c:32db:45e8:8084%49

(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 1057488935
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-65-EE-88-00-

03-7F-8E-95-48
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{63775FCF-24C3-41A8-BE31-

3462345706CD}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{33519683-62CC-4266-A962-

BC3ADB9DA5C6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B7726FC7-7054-43F5-A6B7-

6F5623518D3E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FBCEC632-BCD5-4561-8BE6-

A114F2284A2D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 35:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2607:f8b0:400f:800::1004
      74.125.225.165
      74.125.225.166
      74.125.225.167
      74.125.225.168
      74.125.225.169
      74.125.225.174
      74.125.225.160
      74.125.225.161
      74.125.225.162
      74.125.225.163
      74.125.225.164


Pinging google.com [74.125.225.166] with 32 bytes of data:
Reply from 74.125.225.166: bytes=32 time=40ms TTL=57
Reply from 74.125.225.166: bytes=32 time=41ms TTL=57

Ping statistics for 74.125.225.166:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 41ms, Average = 40ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=795ms TTL=52
Reply from 98.138.253.109: bytes=32 time=782ms TTL=52

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 782ms, Maximum = 795ms, Average = 788ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===============================================

============================
Interface List
 39...00 26 37 bd 39 42 ......PdaNet Broadband Adapter
 31...22 03 7f 8e 95 48 ......Microsoft Virtual WiFi Miniport Adapter
 11...00 26 9e 35 6e 91 ......Realtek PCIe GBE Family Controller
 10...00 03 7f 8e 95 48 ......Qualcomm Atheros AR5009 802.11a/g/n

WiFi Adapter
 49...08 00 27 00 24 f6 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 42...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 43...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 44...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 40...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 41...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===============================================

============================

IPv4 Route Table
===============================================

============================
Active Routes:
Network Destination        Netmask          Gateway       Interface  

Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    

306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    

281
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    

281
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    

281
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    

276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    

276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    

276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    

306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1   

 276
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    

281
===============================================

============================
Persistent Routes:
  None

IPv6 Route Table
===============================================

============================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10     33 fd00::/64                On-link
 10    281 fd00::6566:c665:8586:eac8/128
                                    On-link
 10    281 fd00::d075:f4d4:f3df:3c5d/128
                                    On-link
 49    276 fe80::/64                On-link
 10    281 fe80::/64                On-link
 49    276 fe80::344c:32db:45e8:8084/128
                                    On-link
 10    281 fe80::d075:f4d4:f3df:3c5d/128
                                    On-link
  1    306 ff00::/8                 On-link
 49    276 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===============================================

============================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
===============================================

============================
========================= Winsock entries

=====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224]

(Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft

Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024]

(Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024]

(Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared

\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared

\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft

Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704]

(Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448]

(Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656]

(Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096]

(Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016]

(Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016]

(Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared

\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared

\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft

Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968]

(Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144]

(Microsoft Corporation)

========================= Event log errors:

===============================

Application errors:
==================

System errors:
=============
Error: (03/23/2013 07:40:44 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-12-05 22:06:30.941
  Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI

Master Overclocking Arena 2009 edition\RivaTuner64.sys because file

hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged,

or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:06:30.764
  Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI

Master Overclocking Arena 2009 edition\RivaTuner64.sys because file

hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged,

or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:06:29.277
  Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI

Master Overclocking Arena 2009 edition\RivaTuner64.sys because file

hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged,

or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:06:29.103
  Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI

Master Overclocking Arena 2009 edition\RivaTuner64.sys because file

hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged,

or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:06:27.907
  Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI

Master Overclocking Arena 2009 edition\RivaTuner64.sys because file

hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged,

or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:06:27.726
  Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI

Master Overclocking Arena 2009 edition\RivaTuner64.sys because file

hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged,

or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:06:26.548
  Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI

Master Overclocking Arena 2009 edition\RivaTuner64.sys because file

hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged,

or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:06:26.373
  Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI

Master Overclocking Arena 2009 edition\RivaTuner64.sys because file

hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged,

or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:06:17.156
  Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI

Master Overclocking Arena 2009 edition\RivaTuner64.sys because file

hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged,

or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:06:16.944
  Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI

Master Overclocking Arena 2009 edition\RivaTuner64.sys because file

hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged,

or that might be malicious software from an unknown source.


=========================== Installed Programs

============================

 Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.1.3)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1784.41616)
Acrobat.com (Version: 1.6.65)
Activate Norton Online Backup (Version: 1.1.20.0)
Adobe AIR (Version: 3.6.0.6090)
Adobe Download Assistant (Version: 1.2.2)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.6.602.168)
Adobe Flash Professional CS6 (Version: 12.0)
Adobe Help Manager (Version: 4.0.244)
Adobe Premiere Pro CS6 (Version: 6.0)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Aeria Ignite (Version: 1.10.1721)
Age of Empires Online
AIDA64 Extreme Edition v2.70 (Version: 2.70)
Akamai NetSession Interface
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 3.0.868.0)
AMD Fuel (Version: 2012.0214.2218.39913)
AMD Steady Video Plug-In  (Version: 2.04.0000)
AMD USB Filter Driver (Version: 1.0.10.84)
AMD VISION Engine Control Center (Version:

2012.0214.2218.39913)
Antares Auto-Tune Evo VST (Version: 6.00.0009)
Antichamber
AoA Audio Extractor
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
AppliedScience
AQUAZONE OpenWater
ASIO4ALL (Version: 2.10)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
Atheros Driver Installation Program (Version: 9.0)
Audacity 1.3.13 (Unicode)
Audacity 2.0.2 (Version: 2.0.2)
Audiosurf Demo
Authorizer 1.0.5 (Version: 1.0.5)
Authorizer Ignition Key Support (Version: 1.0.3.0)
Auto Mouse Mover 1.5 (Version: 1.5)
AutoHotkey 1.1.09.02 (Version: 1.1.09.02)
avast! Free Antivirus (Version: 8.0.1483.0)
Avi to Mpeg 3.5 (Version: 3.5)
Bing Rewards Client Installer (Version: 16.0.345.0)
bl (Version: 1.0.0)
Blender (Version: 2.66a)
Bonjour (Version: 3.0.0.10)
CamStudio Lossless Codec v1.4
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version:

2012.0214.2218.39913)
Catalyst Control Center InstallProxy (Version:

2009.0702.1239.20840)
Catalyst Control Center InstallProxy (Version:

2012.0214.2218.39913)
Catalyst Control Center Localization All (Version:

2012.0214.2218.39913)
CCC Help English (Version: 2012.0214.2217.39913)
ccc-utility64 (Version: 2012.0214.2218.39913)
CCleaner (Version: 3.23)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CodeBlocks (Version: 10.05)
Company of Heroes: Tales of Valor
Compatibility Pack for the 2007 Office system (Version:

12.0.6612.1000)
Conduit Engine  (Version: )
Construct 2 r95
convert-wma-to-mp3 4.2.8 (Version: 4.2.8)
Corel VideoStudio 12 (Version: 12.0.0.0000)
Counter-Strike
Counter-Strike: Condition Zero Deleted Scenes
Counter-Strike: Global Offensive
Counter-Strike: Global Offensive - SDK
Counter-Strike: Source
Counter-Strike: Source Beta
CPUID CPU-Z 1.58
Crawler Toolbar
Cricket Broadband 1.0 (Version: 1.0.1950)
Cricket EVDO Modem (Version: 1.1.3683.1001)
CyberLink DVD Suite (Version: 6.0.3101)
CyberLink PowerDVD 11 (Version: 11.0.1719.51)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.46.1.0328)
dcmsvc 1.0
Defraggler (Version: 2.12)
DPL GhostRect TXs for Vista MM 6.0
Driver Wizard (Version: 10.0)
DVD Menu Pack for HP MediaSmart Video (Version: 4.0.3715)
ENE CIR Receiver Driver (Version: 2.7.4.0)
Equalizer APO (Version: 0.7)
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FAKEFACTORY Cinematic Mod V11 (Version: V11.00)
Fallout 3 (Version: 1.00.0000)
Fallout Mod Manager 0.13.21
FaxRedist (Version: 1.0.0)
Finale NotePad 2012 (Version: 2012..r1.5)
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
FL Studio 10
FlashOffliner 1.0 (Version: 1.0)
Fraps (remove only)
FreePriceAlerts 2.3.5 (Version: 2.3.5)
GamersFirst LIVE!
Garry's Mod
GCFScape 1.8.2
GIMP 2.8.2 (Version: 2.8.2)
GimpShop 2.8 (Version: 2.8)
GoldenEye: Source (Version: 4.2)
Google Chrome (Version: 25.0.1364.172)
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 3.16.0.12200)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Grand Fantasia
Gyazo 1.0
Half-Life
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
Half-Life Dedicated Server Update Tool
Half-Life: Blue Shift
Half-Life: Opposing Force
Half-Life: Source
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
Homepage Protection (Version: )
Horizon v2.5.10.1 (Version: 2.5.10.1)
HP 3D DriveGuard (Version: 4.0.3.1)
HP Advisor (Version: 3.2.9652.3188)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Games (Version: 1.0.0.71)
HP MediaSmart DVD (Version: 4.2.4701)
HP MediaSmart Internet TV (Version: 3.0.1916)
HP MediaSmart Live TV (Version: 3.0.1924)
HP MediaSmart SlingPlayer (Version: 2.1.1.60)
HP MediaSmart SmartMenu (Version: 3.0.30.1)
HP MediaSmart Software Notebook Demo (Version: 1.00.0000)
HP MediaSmart Video (Version: 4.0.4007)
HP MediaSmart Webcam (Version: 3.0.1913)
HP Quick Launch Buttons (Version: 6.50.16.1)
HP Setup (Version: 1.2.3220.3079)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Support Assistant (Version: 7.0.39.15)
HP Update (Version: 5.003.001.001)
HP User Guides 0153 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50.11.2)
IB Updater Service (Version: 2.0.1.1)
IconPackager
IconPackager (Version: 5.00)
IDT Audio (Version: 1.0.6225.0)
IL Download Manager
ImgBurn (Version: 2.5.7.0)
Inbox Toolbar (Version: 1.0.0)
Interlok driver setup x64 (Version: 5.8.13)
iPi Mocap Studio 2 (Version: 2.1.2.142)
iPi Recorder 2 (Version: 2.1.0.17)
iTunes (Version: 11.0.1.12)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
JMicron Flash Media Controller Driver (Version: 1.0.32.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Kinect for Windows Drivers v1.5 (Version: 1.5.2.331)
Kinect for Windows Runtime v1.5 (Version: 1.5.2.331)
Kinect for Windows SDK v1.5 (Version: 1.5.2.331)
Kinect for Windows Speech Recognition Language Pack (en-US) (Version: 11.0.7400.336)
K-Lite Codec Pack 9.3.0 (Basic) (Version: 9.3.0)
LabelPrint (Version: 2.5.1913)
Lame ACM MP3 Codec
LAME v3.98.3 for Audacity
Laplink DiskImage Professional (Version: 5.0.127)
Left 4 Dead 2
Left 4 Dead 2 Authoring Tools
Lexmark 5400 Series
Lexmark Toolbar
LightScribe System Software (Version: 1.18.19.1)
Line 6 Uninstaller (Version: )
LSI HDA Modem (Version: 2.1.94)
MAGIX Goya burnR (MSI) (Version: 4.3.1.6)
MAGIX Music Maker MX Premium Download Version (Version: 18.0.0.42)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
ManyCam 2.6.65 (remove only) (Version: 2.6.65)
MelodyneUno 1.8 Demo (Version: 1.08.0005)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Live Search Toolbar (Version: 3.0.560.0)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Server Speech Platform Runtime (x64) (Version: 11.0.7400.345)
Microsoft Server Speech Platform Runtime (x86) (Version: 11.0.7400.345)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MilkShape 3D 1.8.4 (Version: 1.8.4)
Mirror's Edge™ (Version: 1.0.1.0)
MobileMe Control Panel (Version: 3.1.6.0)
Movie Maker 6.0 for Windows 7 (64-bit) (Version: 6.0.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.0.3715)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
My Game Long Name
Network Addon Mod Version 30 with Essentials r132 (Version: Version 30 with Essentials r132)
NetWorx 5.2.7
Notepad++ (Version: 6.1.2)
NVIDIA PhysX (Version: 9.10.0513)
Oblivion (Version: 1.00.0000)
Oblivion mod manager 1.1.12
Octodad
OnLive
OpenNI 1.5.4.0 for Windows (Version: 1.5.4.0)
Oracle VM VirtualBox 4.2.6 (Version: 4.2.6)
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (Version: 2.6.0.1)
PANTECH USB Modem V2 (Version: 1.2.2299.608)
PCmover Professional (Version: 6.00.620.0)
PdaNet for Android 3.50
PDF Settings CS6 (Version: 11.0)
PESTERCHUM
PFPortChecker 1.0.39 (Version: 1.0.39)
ph (Version: 1.0.0)
PhotoNow! (Version: 1.1.5615)
PlanetSide 2
Poker Night at the Inventory
Portal 2
Portal 2 Authoring Tools - Beta
Power2Go (Version: 6.0.3101)
PowerDirector (Version: 7.0.3101)
PowerRecover (Version: 5.5.1923)
PrimeSense - NITE 1.5.2.21 for Windows (Version: 1.5.2.21)
PrimeSense Sensor 5.1.2.1 for Windows 64-bit (Version: 5.1.2.1)
PrimeSense Sensor KinectMod 5.1.2.1 for Windows (Version: 5.1.2.1)
Prism Video File Converter
PunkBuster Services (Version: 0.993)
Python 2.5 pygame-1.9.1 (Version: 1.9.1)
QLBCASL (Version: 6.40.17.2)
Quest (Version: 5.20.0000)
Quicken WillMaker Plus 2009
QuickTime (Version: 7.50.61.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)
Reason 5.0 (Version: 5.0)
Replay Music 5 (Version: 5.05)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition)
ROBLOX Player for jewel
Room EQ Wizard V5
RPG Maker VX (Version: 1.02)
RX-SSTV Version 1.2.3
Safari (Version: 5.34.50.0)
Saints Row: The Third
ShaderTFX version 1.1
SimCity 4 Deluxe
SimTheme Park
Sizer 3.34 (Version: 3.3.4.0)
Skype™ 6.1 (Version: 6.1.129)
SlingBoxWatchYourTVAnyWhere (Version: 2.1.1.58)
SmartSound Quicktracks for Premiere Elements (Version: 3.11.3090)
SmartWebPrinting (Version: 140.0.186.000)
Sony Vegas Pro 8.0 (Version: 8.0.144)
Source Filmmaker
Source Multiplayer Dedicated Server
Source SDK
Source SDK Base 2007
SpeedFan (remove only)
SPORE™ (Version: 1.05.0001)
SPORE™ Galactic Adventures (Version: 1.01.0001)
Spotify (Version: 0.8.3.222.g317ab79d)
Spotydl 0.1.9 (Version: 0.1.9)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
StudioCompiler v0.4A (Version: v0.4A)
swMSM (Version: 12.0.0.1)
Symantec Technical Support Advanced Chat Controls (Version: 3.5.3)
Symantec Technical Support Web Controls (Version: 3.5.3)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Synthesia (Version: 8.4)
System Requirements Lab CYRI (Version: 5.0.6.0)
Tag - v1.1
Taksi Desktop Video Recorder v0.779 (Version: 0.7.79)
Team Fortress 2
Team Fortress 2 Beta
Team Fortress Classic
TechPowerUp GPU-Z
Terraria
Text-To-Speech-Runtime (Version: 1.0.0.0)
TF2 (Version: 1.0.0.0)
TF2 Items Editor (Version: 2.0.0.300)
The Binding of Isaac
The Sims™ 3 (Version: 1.0.632)
TortoiseSVN 1.7.10.23359 (64 bit) (Version: 1.7.23359)
TrackMania Nations Forever
Traffic Simulator Configuration Tool
TreeSize Free V2.7 (Version: 2.7)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
uTorrentBar Toolbar (Version: 6.3.5.3)
VideoStudio (Version: 12.0.0.0000)
VLC media player 2.0.0 (Version: 2.0.0)
VoiceOver Kit (Version: 1.42.128.0)
VTFEdit 1.2.5
VTFEdit 1.3.3
Warhammer 40,000: Dawn of War - Game of the Year Edition
Warner Bros. Digital Copy Manager (Version: 1.70)
Web Assistant 2.0.0.573 (Version: 2.0.0.573)
WeGame Client 2.4.3.0 (Version: 2.4.3.0)
WildTangent Games App (HP Games) (Version: 4.0.5.14)
WildTangent Games App (Version: 4.0.5.25)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (05/22/2012 3.1.3.1) (Version: 05/22/2012 3.1.3.1)
Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (11/21/2011 3.1.3.1) (Version: 11/21/2011 3.1.3.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wizard101 (Version: 1.0.0)
Wondershare Video Converter Ultimate(Build 6.0.1.0) (Version: 6.0.1.0)
World's Best Board Games 2009
Yahoo! Detect
Yahoo! Install Manager
Yahoo! Widgets (Version: 4.5.2.0)
Yahtzee (remove only)
YTD Toolbar v7.0 (Version: 7.0)
Zombie Panic Source

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 4092.2 MB
Available physical RAM: 1285.98 MB
Total Pagefile: 8182.59 MB
Available Pagefile: 4670.06 MB
Total Virtual: 4095.88 MB
Available Virtual: 3952.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:450.13 GB) (Free:78.99 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15.33 GB) (Free:2.52 GB) NTFS

========================= Users: ========================================

User accounts for \\PC

Administrator            ASPNET                   Guest                    
jewel                    


**** End of log ****

Farbar's Service Scanner Log:

Farbar Service Scanner Version: 03-03-2013
Ran by jewel (administrator) on 23-03-2013 at 20:01:36
Running from "C:\Users\jewel\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

AdwCleaner Log:

# AdwCleaner v2.115 - Logfile created 03/23/2013 at 20:03:17
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : jewel - PC
# Boot Mode : Normal
# Running from : C:\Users\jewel\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\jewel\AppData\Local\APN
Folder Deleted : C:\Users\jewel\AppData\Local\Temp\TempDir
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\jewel\AppData\Roaming\Mozilla\Firefox\Profiles\vz620gv8.default-1359706710463\prefs.js

Deleted : user_pref("browser.newtabpage.blocked", "{\"36wqwvgQK7+9TvGKJH10yw==\":1,\"1R8Fn5fZ+KDbe8qVy8dS1g==\[...]

-\\ Google Chrome v25.0.1364.172

File : C:\Users\jewel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.45] : icon_url = "hxxp://mystart.incredibar.com/mb165/favicon.ico",
Deleted [l.48] : keyword = "mystart.incredibar.com/mb165",
Deleted [l.51] : search_url = "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6OyFAsN81[...]

*************************

AdwCleaner[S1].txt - [11133 octets] - [23/03/2013 20:03:17]

########## EOF - C:\AdwCleaner[S1].txt - [11194 octets] ##########


MBAR Log 1:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.23.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
jewel :: PC [administrator]

3/23/2013 8:29:21 PM
mbar-log-2013-03-23 (20-29-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 34654
Time elapsed: 18 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\jewel\Desktop\FlashInstall\Tools\xf-mccs6.exe (PUP.RiskwareTool.CK) -> Delete on reboot.

(end)

MBAR Log 2:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.23.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
jewel :: PC [administrator]

3/23/2013 8:57:30 PM
mbar-log-2013-03-23 (20-57-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 34656
Time elapsed: 22 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

system-log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.393000 GHz
Memory total: 4290981888, free: 2713141248

------------ Kernel report ------------
     03/23/2013 20:08:44
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80046e8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004653060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.393000 GHz
Memory total: 4290981888, free: 2549682176

------------ Kernel report ------------
     03/23/2013 20:09:49
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80046e8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004653060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa8003f8d5a0
Downloaded database version: v2013.03.23.11
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80046e8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80046e9040, DeviceName: Unknown, DriverName: \Driver\oodisr\
DevicePointer: 0xfffffa80046e8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80046e8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046e7840, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004653060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0xfffff8a00d919860, 0xfffffa80046e8060, 0xfffffa800426b090
Lower DeviceData: 0xfffff8a00d8a3a30, 0xfffffa8004653060, 0xfffffa8003f8d5a0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6FE0338E

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 943996928

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 944406528  Numsec = 32153600

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\instance.dat" is compressed (flags = 1)
Infected: c:\Users\jewel\Desktop\FlashInstall\Tools\xf-mccs6.exe --> [PUP.RiskwareTool.CK]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.393000 GHz
Memory total: 4290981888, free: 3222003712

Removal queue found; removal started
Removing c:\Users\jewel\Desktop\FlashInstall\Tools\xf-mccs6.exe...
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.393000 GHz
Memory total: 4290981888, free: 2678415360

------------ Kernel report ------------
     03/23/2013 20:34:27
------------ Loaded modules -----------
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel

\amd64\AODDriver2.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\??\C:\Windows\system32\Drivers\rikvm_C6F09094.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP

\ntk_PowerDVD_64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common

\NavFilter\000.fcl
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\normaliz.dll
\Windows\System32\wininet.dll
\Windows\System32\user32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\sechost.dll
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\advapi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\shell32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ole32.dll
\Windows\System32\usp10.dll
\Windows\System32\nsi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\msctf.dll
\Windows\System32\imagehlp.dll
\Windows\System32\clbcatq.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004706660
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800467f060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004706660, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004707590, DeviceName: Unknown, DriverName: \Driver\oodisr\
DevicePointer: 0xfffffa8004707b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004706660, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004706040, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa800467f060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0xfffff8a00d208d40, 0xfffffa8004706660, 0xfffffa80041355e0
Lower DeviceData: 0xfffff8a00e0563a0, 0xfffffa800467f060, 0xfffffa8004687e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6FE0338E

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 943996928

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 944406528  Numsec = 32153600

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\instance.dat" is compressed (flags = 1)
Done!
Scan finished
=======================================



#8 narenxp


Posted 23 March 2013 - 10:05 PM

Reboot the PC and let me know if you still have redirects



#9 JoeThing


Posted 23 March 2013 - 10:28 PM

So far, so good. I've been surfing around the usual places I visit and have not been redirected. Everything is looking good, but if it does act up, I'll be sure to come back. Thank you very much, again! I'll be watching more carefully what I click on now.



#10 narenxp


Posted 23 March 2013 - 10:34 PM

That looks good

Remove temporary and junk files

Download Temp File Cleaner from HERE. Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.
 

Create a new restore point

Follow this guide to turn off and turn on your restore points

Windows XP

Vista & Windows 7

Windows 8

Turn off your System Restore. It deletes old infected restore points. Turn on System Restore and create a new restore point.

Update JAVA and Flash player

Uninstall old versions of Java and Flash Player from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/ & http://www.adobe.com/support/flashplayer/downloads.html

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

Best Practices for Safe Computing - Prevention of Malware Infection

Simple and easy ways to keep your computer safe and secure on the Internet


Safe surfing :)





