
Infested with pop-ups


11 replies to this topic

#1 GhostofPacman


Posted 26 March 2013 - 12:36 AM

Hey everyone, love the site but for once I cannot find an answer to my problem without personally asking.

Pop-ups have invaded my computer. I have foolishly ignored them for weeks rather than find an actual solution, but now it's gotten so annoying and tedious that I just want to fix it!!

I get at least 2 pop-ups per page, one in each of the bottom corners ALWAYS, and occasionally one right in the middle of my screen. They range from fake Facebook IMs to Spanish lessons and camgirl ads. It's so annoying!! I hope you can help me break these horrible pop-up ad chains, thanks in advance!




 


#2 narenxp

  • BC Advisor

Posted 26 March 2013 - 10:36 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log


 



#3 GhostofPacman

  • Topic Starter

Posted 27 March 2013 - 12:10 AM

Thank you for the speedy reply! Here are all the logs for ya.

TDSSKiller Log

17:09:25.0576 4532  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:09:27.0604 4532  ============================================================
17:09:27.0604 4532  Current date / time: 2013/03/26 17:09:27.0604
17:09:27.0604 4532  SystemInfo:
17:09:27.0604 4532  
17:09:27.0604 4532  OS Version: 6.1.7601 ServicePack: 1.0
17:09:27.0604 4532  Product type: Workstation
17:09:27.0604 4532  ComputerName: KGS-PC
17:09:27.0604 4532  UserName: Kyle
17:09:27.0604 4532  Windows directory: C:\Windows
17:09:27.0604 4532  System windows directory: C:\Windows
17:09:27.0604 4532  Running under WOW64
17:09:27.0604 4532  Processor architecture: Intel x64
17:09:27.0604 4532  Number of processors: 4
17:09:27.0604 4532  Page size: 0x1000
17:09:27.0604 4532  Boot type: Normal boot
17:09:27.0604 4532  ============================================================
17:09:33.0947 4532  BG loaded
17:09:34.0648 4532  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:09:34.0738 4532  Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:09:34.0738 4532  ============================================================
17:09:34.0738 4532  \Device\Harddisk0\DR0:
17:09:34.0758 4532  MBR partitions:
17:09:34.0758 4532  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48DF1187
17:09:34.0758 4532  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48DF11C6, BlocksNum 0x1A65CFB
17:09:34.0758 4532  \Device\Harddisk1\DR1:
17:09:34.0758 4532  MBR partitions:
17:09:34.0758 4532  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
17:09:34.0758 4532  ============================================================
17:09:34.0898 4532  C: <-> \Device\Harddisk0\DR0\Partition1
17:09:34.0898 4532  D: <-> \Device\Harddisk1\DR1\Partition1
17:09:35.0138 4532  E: <-> \Device\Harddisk0\DR0\Partition2
17:09:35.0138 4532  ============================================================
17:09:35.0138 4532  Initialize success
17:09:35.0138 4532  ============================================================
17:36:01.0434 4824  ============================================================
17:36:01.0434 4824  Scan started
17:36:01.0434 4824  Mode: Manual; TDLFS; 
17:36:01.0434 4824  ============================================================
17:36:04.0865 4824  ================ Scan system memory ========================
17:36:04.0865 4824  System memory - ok
17:36:04.0865 4824  ================ Scan services =============================

 

 

 

RKILL Log

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)

Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/26/2013 05:38:45 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\ProgramData\TVersity\Media Server\MediaServer.exe (PID: 3216) [AU-HEUR]
 * C:\Users\Kyle\AppData\Local\Temp\29971520-51BA-4593-B70C-4E9B88FB53BE.exe (PID: 4480) [T-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
 
  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!
 
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
  149.5.18.172 www.google-analytics.com.
  149.5.18.172 ad-emea.doubleclick.net.
  149.5.18.172 www.statcounter.com.
  108.163.215.51 www.google-analytics.com.
  108.163.215.51 ad-emea.doubleclick.net.
  108.163.215.51 www.statcounter.com.
 
Program finished at: 03/26/2013 05:38:56 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
 
 
 
ESET Log
 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\prq.exe a variant of Win32/Kryptik.YUY trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWAX4WLY\cutetryteenz_com[1].htm JS/Kryptik.CK trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIOG45TM\newyear4_net[1].htm HTML/TrojanDownloader.Applet.A trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSQR9LNX\newyear1_net[1].htm HTML/TrojanDownloader.Applet.A trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCCATE2C\asianpornfantasy_in[1].htm JS/Kryptik.CW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\cd5a54e-187397b8 multiple threats
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\8219191-2a36de9d a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4ac8f098-7ec73eba Java/Exploit.CVE-2011-3544.K trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2a070f99-1378bc30 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3a062629-23d7a6e7 a variant of Win32/Injector.NGY trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\49aa396b-5dafc830 a variant of Win32/Kryptik.ZFQ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-21ed7211 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-50fd28f5 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-7ef59510 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3d5c8d76-21a5df2c a variant of Win32/Kryptik.YDB trojan
C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Default\aagcgggbdagfgfggdcdagfdidedddhdb\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Kyle\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\prq.exe a variant of Win32/Kryptik.YUY trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWAX4WLY\cutetryteenz_com[1].htm JS/Kryptik.CK trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIOG45TM\newyear4_net[1].htm HTML/TrojanDownloader.Applet.A trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSQR9LNX\newyear1_net[1].htm HTML/TrojanDownloader.Applet.A trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCCATE2C\asianpornfantasy_in[1].htm JS/Kryptik.CW trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\cd5a54e-187397b8 multiple threats cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\8219191-2a36de9d a variant of Java/TrojanDownloader.Agent.NDJ trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4ac8f098-7ec73eba Java/Exploit.CVE-2011-3544.K trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2a070f99-1378bc30 a variant of Java/TrojanDownloader.Agent.NDJ trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3a062629-23d7a6e7 a variant of Win32/Injector.NGY trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\49aa396b-5dafc830 a variant of Win32/Kryptik.ZFQ trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-21ed7211 a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-50fd28f5 a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-7ef59510 a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3d5c8d76-21a5df2c a variant of Win32/Kryptik.YDB trojan cleaned by deleting - quarantined
 
 
JRT Log
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kyle on Tue 03/26/2013 at 21:54:26.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{687578b9-7132-4a7a-80e4-30ee31099e03} 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440} 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2645238
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3072253
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Kyle\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Kyle\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Kyle\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Kyle\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Kyle\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Kyle\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Kyle\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Kyle\AppData\Roaming\mozilla\firefox\profiles\b6r0dnfu.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Kyle\AppData\Roaming\mozilla\firefox\profiles\b6r0dnfu.default\extensions\staged
Successfully deleted the following from C:\Users\Kyle\AppData\Roaming\mozilla\firefox\profiles\b6r0dnfu.default\prefs.js
 
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634510680517330000\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21ba1682b5b6825cbfd420592a540476\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Kyle\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\b6r0dnfu.default\\conduitCommon\\modules\\3.13.0.6");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT2645238");
user_pref("CommunityToolbar.ToolbarsList2", "CT2645238");
user_pref("CommunityToolbar.ToolbarsList4", "CT2645238");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Nov 10 2011 18:02:39 GMT-0800 (Pacific Standard Time)");
user_pref("CommunityToolbar.globalUserId", "1b5bdcf0-0409-4c3a-b08c-274e12566645");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jun 04 2012 18:42:17 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jun 04 2012 22:35:06 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jun 04 2012 18:42:16 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "8ef87f88-9893-48c7-a349-6316f39213fe");
user_pref("CommunityToolbar.originalHomepage", "hxxps://www.facebook.com/home.php");
user_pref("CommunityToolbar.originalSearchEngine", "Google");
user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"title\": \"Babylon\",\"type\": \"EXE\",\"url\": \"hxxps://www.addonfox.com/par
user_pref("extensions.ntk.feedStore", "{\"URLtoFeedCount\":15,\"FeedStoriesCount\":9,\"data\":[{\"uri\":\"hxxps://www.facebook.com/home.php\",\"feed\":null,\"stories\":null},{
Emptied folder: C:\Users\Kyle\AppData\Roaming\mozilla\firefox\profiles\b6r0dnfu.default\minidumps [489 files]
 
 
 
~~~ Chrome
 
Dumping contents of C:\Users\Kyle\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Kyle\appdata\local\Google\Chrome\User Data\Default\Default\aagcgggbdagfgfggdcdagfdidedddhdb
C:\Users\Kyle\appdata\local\Google\Chrome\User Data\Default\Default\aagcgggbdagfgfggdcdagfdidedddhdb\manifest.json
 
Successfully deleted: [Folder] C:\Users\Kyle\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/26/2013 at 22:05:45.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by GhostofPacman, 27 March 2013 - 12:13 AM.


#4 narenxp


Posted 27 March 2013 - 12:45 AM

Do this once again

  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

 

 

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware
  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text (*.txt).
  • Double click on the text file, then copy and paste the contents in your reply



Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log

 



#5 GhostofPacman


Posted 27 March 2013 - 05:04 AM

Here is the TDSSKiller log, second try.

 

 

17:36:27.0247 4824  Scan finished
17:36:27.0247 4824  ============================================================
17:36:27.0257 4724  Detected object count: 1
17:36:27.0257 4724  Actual detected object count: 1
17:37:22.0891 4724  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:37:22.0891 4724  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
17:37:39.0522 4484  Deinitialize success
 
 
But now I've reached a new problem: Malwarebytes is freezing up about 3 minutes into the scan. I've used the program before without problem but now it's freezing on me!! Should I continue with the other steps?


#6 narenxp


Posted 27 March 2013 - 08:27 AM

Disable your antivirus and run Malwarebytes. If it still freezes, move to the other scans.



#7 GhostofPacman


Posted 27 March 2013 - 02:43 PM

No luck with Malwarebytes, here are the other logs.

 

 

Mini Tool Box

 

MiniToolBox by Farbar  Version:05-03-2013

Ran by Kyle (administrator) on 27-03-2013 at 12:29:12
Running from "C:\Users\Kyle\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
::1        localhost
 
 
149.5.18.172 www.google-analytics.com.
149.5.18.172 ad-emea.doubleclick.net.
149.5.18.172 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Belkin USB Wireless Adaptor = Wireless Network Connection 2 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : KGS-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 08-86-3B-0E-97-0F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Belkin USB Wireless Adaptor
   Physical Address. . . . . . . . . : 08-86-3B-0E-97-0F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d096:a531:3480:935b%16(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.8(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, March 27, 2013 5:06:50 AM
   Lease Expires . . . . . . . . . . : Saturday, May 03, 2149 6:57:41 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 403211835
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-96-C3-73-20-CF-30-56-2C-14
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 20-CF-30-56-2C-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.Belkin:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 21:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:28c6:19d2:3f57:fdf7(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::28c6:19d2:3f57:fdf7%28(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.2.1
 
Name:    google.com
Addresses:  2001:4860:4001:802::1009
 173.194.33.36
 173.194.33.32
 173.194.33.34
 173.194.33.40
 173.194.33.46
 173.194.33.35
 173.194.33.39
 173.194.33.33
 173.194.33.38
 173.194.33.41
 173.194.33.37
 
 
Pinging google.com [173.194.33.4] with 32 bytes of data:
Reply from 173.194.33.4: bytes=32 time=26ms TTL=55
Reply from 173.194.33.4: bytes=32 time=17ms TTL=55
 
Ping statistics for 173.194.33.4:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 26ms, Average = 21ms
Server:  UnKnown
Address:  192.168.2.1
 
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=654ms TTL=52
Reply from 206.190.36.45: bytes=32 time=580ms TTL=52
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 580ms, Maximum = 654ms, Average = 617ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
 24...08 86 3b 0e 97 0f ......Microsoft Virtual WiFi Miniport Adapter
 16...08 86 3b 0e 97 0f ......Belkin USB Wireless Adaptor
 10...20 cf 30 56 2c 14 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 28...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.8     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.8    286
      192.168.2.8  255.255.255.255         On-link       192.168.2.8    286
    192.168.2.255  255.255.255.255         On-link       192.168.2.8    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.8    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.8    286
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 28     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 28     58 2001::/32                On-link
 28    306 2001:0:4137:9e76:28c6:19d2:3f57:fdf7/128
                                    On-link
 16    286 fe80::/64                On-link
 28    306 fe80::/64                On-link
 28    306 fe80::28c6:19d2:3f57:fdf7/128
                                    On-link
 16    286 fe80::d096:a531:3480:935b/128
                                    On-link
  1    306 ff00::/8                 On-link
 28    306 ff00::/8                 On-link
 16    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/27/2013 11:22:47 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.70.0.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: bd4
 
Start Time: 01ce2ae428896431
 
Termination Time: 5
 
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
Report Id: 4a019d7b-970b-11e2-b165-20cf30562c14
 
Error: (03/27/2013 05:14:59 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (03/27/2013 05:14:59 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (03/27/2013 05:04:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x9b0
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3
 
Error: (03/27/2013 05:02:39 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.70.0.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e98
 
Start Time: 01ce2ae11c0ababb
 
Termination Time: 15
 
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
Report Id: 2b657be7-96d6-11e2-8705-20cf30562c14
 
Error: (03/27/2013 03:41:23 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (03/27/2013 03:41:23 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (03/27/2013 03:35:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x1440
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3
 
Error: (03/27/2013 03:11:12 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.70.0.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 484
 
Start Time: 01ce2ad174b7667e
 
Termination Time: 5
 
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
Report Id: 9b04a400-96c6-11e2-9eba-20cf30562c14
 
Error: (03/27/2013 03:09:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (03/27/2013 00:25:28 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (03/27/2013 00:25:28 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (03/27/2013 00:25:28 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
 
Error: (03/27/2013 00:25:14 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (03/27/2013 00:25:14 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (03/27/2013 00:25:14 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (03/27/2013 00:25:14 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (03/27/2013 00:25:14 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
 
Error: (03/27/2013 00:25:14 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
 
Error: (03/27/2013 00:24:24 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
 
Microsoft Office Sessions:
=========================
Error: (03/27/2013 11:22:47 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.70.0.9bd401ce2ae4288964315C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe4a019d7b-970b-11e2-b165-20cf30562c14
 
Error: (03/27/2013 05:14:59 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (03/27/2013 05:14:59 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (03/27/2013 05:04:05 AM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c19b001ce2ad6f68d5659C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll6b3ce572-96d6-11e2-8705-20cf30562c14
 
Error: (03/27/2013 05:02:39 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.70.0.9e9801ce2ae11c0ababb15C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe2b657be7-96d6-11e2-8705-20cf30562c14
 
Error: (03/27/2013 03:41:23 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (03/27/2013 03:41:23 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (03/27/2013 03:35:12 AM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c1144001ce2aac2d9972bbC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll00b9a6d0-96ca-11e2-9eba-20cf30562c14
 
Error: (03/27/2013 03:11:12 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.70.0.948401ce2ad174b7667e5C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe9b04a400-96c6-11e2-9eba-20cf30562c14
 
Error: (03/27/2013 03:09:33 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\$RECYCLE.BIN\S-1-5-21-3738431208-332088571-326742816-1000\$RUTM1XB.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-03-27 12:27:23.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-27 11:43:04.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-27 11:34:54.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-27 11:24:29.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-27 05:02:41.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-27 04:49:36.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-27 03:18:35.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-27 03:09:24.614
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-27 02:56:48.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-27 02:36:28.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.0.29342)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Adobe AIR (Version: 3.2.0.2070)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Flash Professional CS5.5 (Version: 11.5)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Aliens vs. Predator
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1116.1515.27190)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
AMD VISION Engine Control Center (Version: 2012.1116.1515.27190)
AnalogX AutoTune
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 6 (Version: 6.0.8.85)
ASIO4ALL
Audacity 2.0
Audials TV (Version: 1.3.10803.300)
Auslogics Duplicate File Finder (Version: 2.4)
AVG 2013 (Version: 13.0.3161)
AVG 2013 (Version: 13.0.3267)
AVG 2013 (Version: 2013.0.3267)
Belkin N+ Wireless USB Adapter (Version: 2.00.11)
Belkin USB Wireless Adaptor (Version: 1.0.0.10)
Bonjour (Version: 3.0.0.10)
BSR Screen Recorder 5
BufferChm (Version: 130.0.331.000)
CameraHelperMsi (Version: 13.10.1217.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (Version: 2012.1116.1514.27190)
CCC Help Czech (Version: 2012.1116.1514.27190)
CCC Help Danish (Version: 2012.1116.1514.27190)
CCC Help Dutch (Version: 2012.1116.1514.27190)
CCC Help English (Version: 2012.1116.1514.27190)
CCC Help Finnish (Version: 2012.1116.1514.27190)
CCC Help French (Version: 2012.1116.1514.27190)
CCC Help German (Version: 2012.1116.1514.27190)
CCC Help Greek (Version: 2012.1116.1514.27190)
CCC Help Hungarian (Version: 2012.1116.1514.27190)
CCC Help Italian (Version: 2012.1116.1514.27190)
CCC Help Japanese (Version: 2012.1116.1514.27190)
CCC Help Korean (Version: 2012.1116.1514.27190)
CCC Help Norwegian (Version: 2012.1116.1514.27190)
CCC Help Polish (Version: 2012.1116.1514.27190)
CCC Help Portuguese (Version: 2012.1116.1514.27190)
CCC Help Russian (Version: 2012.1116.1514.27190)
CCC Help Spanish (Version: 2012.1116.1514.27190)
CCC Help Swedish (Version: 2012.1116.1514.27190)
CCC Help Thai (Version: 2012.1116.1514.27190)
CCC Help Turkish (Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
CCleaner (Version: 3.28)
Citrix Authentication Manager (Version: 3.0.0.47031)
Citrix Receiver (HDX Flash Redirection) (Version: 13.3.0.55)
Citrix Receiver (Version: 13.3.0.55)
Citrix Receiver Inside (Version: 3.3.0.17208)
Citrix Receiver Updater (Version: 3.3.0.17207)
Citrix Receiver(Aero) (Version: 13.3.0.55)
Citrix Receiver(DV) (Version: 13.3.0.55)
Citrix Receiver(USB) (Version: 13.3.0.55)
CLUE Classic (Version: 1.0.0.0)
Content Transfer (Version: 1.3.0.23190)
Copy (Version: 130.0.428.000)
Counter-Strike 1.6
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DivX Setup (Version: 2.6.1.9)
DJ_AIO_03_F4200_Software_Min (Version: 130.0.365.000)
Doxillion Document Converter
DVD Catalyst 4.0.2.3 (Version: 4.0.2.3)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
EPU-4 Engine (Version: 1.01.07)
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
EverQuest
F4200 (Version: 130.0.365.000)
Family Feud 2010 1.0.4
ffdshow [rev 3154] [2009-12-09] (Version: 1.0)
FL Studio 10
FL Studio 9
Flash Movie Player 1.5 (Version: 1.5)
GameFly (Version: 1.0.1824)
Garry's Mod
Garry's Mod 13 Beta
Google Chrome (Version: 25.0.1364.172)
Google Earth (Version: 7.0.3.8542)
Google Talk Plugin (Version: 3.16.0.12200)
Google Update Helper (Version: 1.3.21.135)
GPBaseService2 (Version: 130.0.371.000)
Guitar Pro 6
Hoyle Card Games 2011 (remove only)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
IL Download Manager
iTunes (Version: 11.0.1.12)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 23 (Version: 6.0.230)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
League of Legends (Version: 1.3)
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark S300-S400 Series
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.10.1216.0)
LWS Gallery (Version: 13.10.1216.0)
LWS Help_main (Version: 13.10.1224.0)
LWS Launcher (Version: 13.10.1224.0)
LWS Motion Detection (Version: 13.10.1218.0)
LWS Pictures And Video (Version: 13.10.1218.0)
LWS Twitter (Version: 13.00.1216.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.10.1222.0)
LWS YouTube Plugin (Version: 13.10.1216.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
ManyCam 2.6.55 (remove only) (Version: 2.6.55)
MarketResearch (Version: 130.0.374.000)
M-Audio Legacy Keyboard Driver 5.0.0 (x64) (Version: 5.0.0)
M-Audio MIDISPORT Driver 6.1.2 (x64) (Version: 6.1.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Miro (Version: 5.0)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MP4 Streaming Server 1.1 Free (Version: 1.1 Free)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Native Instruments Massive (Version: 1.3.0.2050)
Native Instruments Service Center (Version: 2.2.6.676)
Online Plug-in (Version: 13.3.0.55)
Pando Media Booster (Version: 2.6.0.8)
PDF Settings CS5 (Version: 10.0)
PeerGuardian 2.0 (Version: 2.1.0.2)
PoiZone
PowerISO (Version: 4.8)
Project64 1.6 (Version: 1.6.1)
QuickTime (Version: 7.70.80.34)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
RealUpgrade 1.1 (Version: 1.1.0)
Recuva (Version: 1.43)
Sawer
Scan (Version: 13.0.0.0)
Self-service Plug-in (Version: 3.3.0.27839)
Serviio
SlamIt Pinball: Big Score
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Source SDK Base 2007
SpeedFan (remove only)
Status (Version: 130.0.469.000)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
The 80 Classic Games (Version: 1.0)
The KMPlayer (remove only)
The Walking Dead (Version: 1.0.0.15)
Thief - Deadly Shadows (Version: 1.0)
Thief - Deadly Shadows Collective Texture Pack by John P., ver. 1.0.3
Toolbox (Version: 130.0.648.000)
Toxic Biohazard
trailblazers Player (Version: 3.0.1.49)
TrayApp (Version: 130.0.422.000)
TVersity Codec Pack 1.4 (Version: 1.4)
TVersity Media Server 1.9.3 (Version: 1.9.3)
Ultra MKV Converter 4.1.0101
Unity Web Player (Version: )
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VideoPad Video Editor
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VoiceOver Kit (Version: 1.40.128.0)
WebReg (Version: 130.0.132.017)
WinRAR 4.00 beta 2 (64-bit) (Version: 4.00.2)
WinX DVD Ripper Platinum 6.0.2
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Toolbar
 
========================= Devices: ================================
 
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Xbox 360
Description: Xbox 360
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 32%
Total physical RAM: 6143.18 MB
Available physical RAM: 4138.33 MB
Total Pagefile: 12284.54 MB
Available Pagefile: 9399.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.73 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Primary) (Fixed) (Total:582.97 GB) (Free:98.64 GB) NTFS
2 Drive d: (BK Drive 2) (Fixed) (Total:74.52 GB) (Free:50.6 GB) NTFS
3 Drive e: (BK Drive 1) (Fixed) (Total:13.2 GB) (Free:13.11 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\KGS-PC
 
Administrator            Guest                    Kyle                     
 
 
**** End of log ****
 
 
Service Scanner Log
 
Farbar Service Scanner Version: 03-03-2013
Ran by Kyle (administrator) on 27-03-2013 at 12:30:18
Running from "C:\Users\Kyle\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
AdwCleaner Log
 
# AdwCleaner v2.115 - Logfile created 03/27/2013 at 12:31:31
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kyle - KGS-PC
# Boot Mode : Normal
# Running from : C:\Users\Kyle\Desktop\AdwCleaner (1).exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
File : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\b6r0dnfu.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [20173 octets] - [25/03/2013 22:27:36]
AdwCleaner[R2].txt - [6978 octets] - [27/03/2013 05:02:44]
AdwCleaner[R3].txt - [1177 octets] - [27/03/2013 12:31:13]
AdwCleaner[S1].txt - [316 octets] - [25/03/2013 22:28:03]
AdwCleaner[S2].txt - [7154 octets] - [27/03/2013 05:03:30]
AdwCleaner[S3].txt - [1109 octets] - [27/03/2013 12:31:31]
 
########## EOF - C:\AdwCleaner[S3].txt - [1169 octets] ##########
 
 
AutoRuns Log
 
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "ISW" "ZoneAlarm Browser Security" "Check Point Software Technologies" "c:\program files\checkpoint\zaforcefield\forcefield.exe"
+ "itype" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft intellitype pro\itype.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "AdobeCS5.5ServiceManager" "Adobe CS5.5 Service Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\cs5.5servicemanager\cs5.5servicemanager.exe"
+ "AMD AVT" "" "" "File not found: AMD Accelerated Video Transcoding device initialization"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_UI" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgui.exe"
+ "ConnectionCenter" "Citrix Connection Center" "Citrix Systems, Inc." "c:\program files (x86)\citrix\ica client\concentr.exe"
+ "ContentTransferWMDetector.exe" "Content Transfer Walkman Detector" "Sony Corporation" "c:\program files (x86)\sony\content transfer\contenttransferwmdetector.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files (x86)\divx\divx update\divxupdate.exe"
+ "F5D8055v2" "BelkinDetectUI" "" "c:\program files (x86)\belkin\f5d8055\v2\hiddenui\belkindetectui.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files (x86)\hp\hp software update\hpwuschd2.exe"
+ "hpqSRMon" "HpqSRmon" "Hewlett-Packard" "c:\program files (x86)\hp\digital imaging\bin\hpqsrmon.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\update\realsched.exe"
+ "ZoneAlarm" "ZoneAlarm" "Check Point Software Technologies LTD" "c:\program files (x86)\checkpoint\zonealarm\zatray.exe"
"C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Serviio.lnk" "" "" "c:\program files\serviio\bin\serviioconsole.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\kyle\appdata\local\google\update\googleupdate.exe"
+ "ROC_ROC_JAN2013_AV" "" "" "c:\users\kyle\appdata\roaming\avg january 2013 campaign\roc_jan2013_av.exe"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgsea.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgse.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgse.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "ZoneAlarm Security Engine Registrar" "ZoneAlarm Browser Security" "Check Point Software Technologies" "c:\program files\checkpoint\zaforcefield\trustchecker\bin\trustcheckerieplugin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "HP Print Enhancer" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll"
+ "HP Smart BHO Class" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Lexmark Printable Web" "" "" "c:\program files\lexmark printable web\bho.dll"
+ "RealNetworks Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealDownloader" "c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll"
+ "ZoneAlarm Security Engine Registrar" "ZoneAlarm Browser Security" "Check Point Software Technologies" "c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\trustcheckerieplugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "ZoneAlarm Security Engine" "ZoneAlarm Browser Security" "Check Point Software Technologies" "c:\program files\checkpoint\zaforcefield\trustchecker\bin\trustcheckerieplugin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "ZoneAlarm Security Engine" "ZoneAlarm Browser Security" "Check Point Software Technologies" "c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\trustcheckerieplugin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Show or hide HP Smart Web Printing" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll"
"Task Scheduler" "" "" ""
+ "\AdobeAAMUpdater-1.0-KGS-PC-Kyle" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
+ "\Apple\AppleSoftwareUpdate" "" "" "File not found: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe"
+ "\ASUS\ASUS SIX Engine" "" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\epu-4 engine\fourengine.exe"
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3738431208-332088571-326742816-1000Core" "Google Installer" "Google Inc." "c:\users\kyle\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3738431208-332088571-326742816-1000UA" "Google Installer" "Google Inc." "c:\users\kyle\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "\Microsoft_Hardware_Launch_IType_exe" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft intellitype pro\itype.exe"
+ "\NCH Software\DoxillionDowngrade" "Doxillion Document Converter" "NCH Software" "c:\program files (x86)\nch software\doxillion\doxillion.exe"
+ "\RealPlayerRealUpgradeLogonTaskS-1-5-21-3738431208-332088571-326742816-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3738431208-332088571-326742816-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\ReclaimerInstall_Kyle" "RealNetworks Installer" "RealNetworks, Inc." "c:\users\kyle\appdata\roaming\real\update\upgradehelper\realplayer\10.40\agent\rnupgagent.exe"
+ "\{1D189E66-3563-4BCD-BA0E-4DCA8D89B59E}" "" "" "File not found: C:\Program Files (x86)\Skype\Phone\Skype.exe"
+ "\{22C5FFB2-C42B-4F63-AE09-382FD8059869}" "" "" "File not found: C:\Sierra\Blue-Shift\bshift.exe"
+ "\{2384E4A2-1B0C-4D29-9CA0-04CE391C6AC6}" "" "" "File not found: C:\Program Files (x86)\Skype\Phone\Skype.exe"
+ "\{C5EAB7A0-8738-4733-A784-17607F5C786A}" "Firefox" "Mozilla Corporation" "c:\program files (x86)\mozilla firefox\firefox.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMD FUEL Service" "Provides FUEL Functionality" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "IswSvc" "ZoneAlarm Browser Security" "Check Point Software Technologies" "c:\program files\checkpoint\zaforcefield\iswsvc.exe"
+ "LVPrcS64" "Injector service" "Logitech Inc." "c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe"
+ "lxea_device" "Printer Communication System" " " "c:\windows\system32\lxeacoms.exe"
+ "lxeaCATSCustConnectService" "Lexmark Connect Service Executable" "Lexmark International, Inc." "c:\windows\system32\spool\drivers\x64\3\lxeaserv.exe"
+ "MIDISPORTAudioDevMon" "Manages device settings and hot plugging for M-Audio MIDISPORT devices." "M-Audio" "c:\program files (x86)\m-audio\midisport\audiodevmon.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "RealNetworks Downloader Resolver Service" "Manage different Downloader versions in RealNetworks' products." "" "c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe"
+ "Serviio" "Serviio DLNA Media Server" "" "c:\program files\serviio\bin\serviioservice.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe"
+ "SwitchBoard" "Adobe SwitchBoard" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe"
+ "TVersityMediaServer" "The Windows service of the TVersity Media Server software." "" "c:\programdata\tversity\media server\mediaserver.exe"
+ "vsmon" "Monitors internet traffic and generates alerts for disallowed access." "Check Point Software Technologies LTD" "c:\program files (x86)\checkpoint\zonealarm\vsmon.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdiox64" "AMD IO Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdiox64.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "AODDriver4.1" "AMD OverDrive Service Driver" "Advanced Micro Devices" "c:\program files\ati technologies\ati.ace\fuel\amd64\aoddriver2.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AsIO" "" "" "c:\windows\syswow64\drivers\asio.sys"
+ "ASPI" "" "" "File not found: C:\Windows\System32\DRIVERS\ASPI32.sys"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw76.sys"
+ "AtiHdmiService" "ATI High Definition Audio Function Driver" "ATI Technologies, Inc." "c:\windows\system32\drivers\atihdmi.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AtiPcie" "AMD PCIE Filter Driver for ATI PCIE chipset" "Advanced Micro Devices Inc." "c:\windows\system32\drivers\atipcie.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgloga" "AVG Logging Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgloga.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ctxusbm" "Citrix USB Filter Driver" "Citrix Systems, Inc." "c:\windows\system32\drivers\ctxusbm.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "ISWKL" "ZoneAlarm Browser Security" "Check Point Software Technologies" "c:\program files\checkpoint\zaforcefield\iswkl.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "LVPr2M64" "Logitech LVPr2M64 Driver" "Logitech Inc." "c:\windows\system32\drivers\lvpr2m64.sys"
+ "LVPr2Mon" "Logitech LVPr2M64 Driver" "Logitech Inc." "c:\windows\system32\drivers\lvpr2m64.sys"
+ "LVUVC64" "Logitech USB Video Class Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvc64.sys"
+ "MADFUMIDISPORT2010" "M-Audio WDM DFU Driver" "M-Audio" "c:\windows\system32\drivers\maudiomidisport_dfu.sys"
+ "ManyCam" "ManyCam Virtual Webcam, WDM Video Capture Driver" "ManyCam LLC." "c:\windows\system32\drivers\manycam_x64.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MTsensor" "ATK0110 ACPI Utility" "" "c:\windows\system32\drivers\asacpi.sys"
+ "netr28ux" "Ralink 802.11n Wireless Adapter Driver" "Ralink Technology Corp." "c:\windows\system32\drivers\netr28ux.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt64win7.sys"
+ "RTL8192su" "Realtek RTL8192S USB NDIS Driver" "Realtek Semiconductor Corporation                           " "c:\windows\system32\drivers\rtl8192su.sys"
+ "SbFw" "Sunbelt Personal Firewall driver" "Sunbelt Software, Inc." "c:\windows\system32\drivers\sbfw.sys"
+ "SBFWIMCL" "Sunbelt Personal Firewall NDIS Intermediate driver" "Sunbelt Software, Inc." "c:\windows\system32\drivers\sbfwim.sys"
+ "SBFWIMCLMP" "Sunbelt Personal Firewall NDIS Intermediate driver" "Sunbelt Software, Inc." "c:\windows\system32\drivers\sbfwim.sys"
+ "sbhips" "Legacy Host Intrusion Prevention System Driver" "Sunbelt Software, Inc." "c:\windows\system32\drivers\sbhips.sys"
+ "SBRE" "" "" "File not found: C:\Windows\system32\drivers\SBREdrv.sys"
+ "SbTis" "Sunbelt TDI Inspection System" "Sunbelt Software, Inc." "c:\windows\system32\drivers\sbtis.sys"
+ "SCDEmu" "PowerISO Virtual Drive" "PowerISO Computing, Inc." "c:\windows\system32\drivers\scdemu.sys"
+ "ScreamBAudioSvc" "Screaming Bee Audio Driver" "Screaming Bee LLC" "c:\windows\system32\drivers\screamingbaudio64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "speedfan" "SpeedFan Device Driver" "Windows ® Server 2003 DDK provider" "c:\windows\syswow64\speedfan.sys"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "tbhsd" "Tunebite High-Speed Dubbing" "RapidSolution Software AG" "c:\windows\system32\drivers\tbhsd.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "Vsdatant" "Zone Alarm Firewall Driver" "Check Point Software Technologies LTD" "c:\windows\system32\drivers\vsdatant.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.i420" "Video Codec" "Logitech Inc." "c:\windows\system32\lvcod64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\syswow64\vorbis.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
+ "VIDC.FFDS" "" "" "c:\windows\syswow64\ff_vfw.dll"
+ "vidc.i420" "Video Codec" "Logitech Inc." "c:\windows\syswow64\lvcodec2.dll"
+ "VIDC.IV31" "" "Intel® Corporation" "c:\windows\syswow64\ir32_32.dll"
+ "VIDC.IV32" "" "Intel® Corporation" "c:\windows\syswow64\ir32_32.dll"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "IL FL Studio DXi" "" "Image-Line" "c:\program files (x86)\image-line\fl studio 10\system\plugin\dxi\fl studio dxi.dll"
+ "IL Multi FL Studio DXi" "" "Image-Line" "c:\program files (x86)\image-line\fl studio 10\system\plugin\dxi\fl studio dxi (multi).dll"
+ "NI Massive" "Massive" "Native Instruments GmbH" "c:\program files (x86)\native instruments\massive\dxi\massivedxi.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AMD MJPEG Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AMD MJPEG Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files (x86)\common files\common share\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files (x86)\common files\common share\filters\vsfilter.dll"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\divxdech264.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\common files\common share\filters\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\common files\common share\filters\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\common files\common share\filters\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\common files\common share\filters\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\common files\common share\filters\ffdshow\ffdshow.ax"
+ "FLAC Audio Decoder" "FLAC Audio Filter" "-" "c:\program files (x86)\common files\common share\codecs\flac.ax"
+ "FLAC Audio Filter" "FLAC Audio Filter" "-" "c:\program files (x86)\common files\common share\codecs\flac.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files (x86)\common files\common share\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\common files\common share\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files (x86)\common files\common share\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\common files\common share\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files (x86)\common files\common share\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files (x86)\common files\common share\filters\haali\splitter.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MP4 Source" "MP4 Splitter" "Gabest" "c:\program files (x86)\tversity codec pack\mp4splitter.ax"
+ "MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files (x86)\tversity codec pack\mp4splitter.ax"
+ "Mpa Source" "Mpa Splitter" "Gabest" "c:\program files (x86)\tversity codec pack\mpasplitter.ax"
+ "Mpa Splitter" "Mpa Splitter" "Gabest" "c:\program files (x86)\tversity codec pack\mpasplitter.ax"
+ "MPC - FLV Source (Gabest)" "FLV Splitter" "Gabest" "c:\program files (x86)\common files\common share\filters\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)" "FLV Splitter" "Gabest" "c:\program files (x86)\common files\common share\filters\flvsplitter.ax"
+ "MPC - MPEG-2 Video Decoder (Gabest)" "MPEG-2 Decoder Filter for DirectShow" "Gabest" "c:\program files (x86)\common files\common share\filters\mpeg2decfilter.ax"
+ "Mpeg Source" "Mpeg Splitter" "Gabest" "c:\program files (x86)\tversity codec pack\mpegsplitter.ax"
+ "Mpeg Splitter" "Mpeg Splitter" "Gabest" "c:\program files (x86)\tversity codec pack\mpegsplitter.ax"
+ "MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files (x86)\tversity codec pack\mp4splitter.ax"
+ "MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files (x86)\tversity codec pack\mp4splitter.ax"
+ "QTSrc" "" "" "c:\windows\syswow64\aveqt.dll"
+ "RealAudio Decoder" "" "" "c:\windows\syswow64\averm.dll"
+ "RealMedia Source" "" "" "c:\windows\syswow64\averm.dll"
+ "RealMedia Splitter" "" "" "c:\windows\syswow64\averm.dll"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Mp3 Transform Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer MPEG4 Transform Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealVideo Decoder" "" "" "c:\windows\syswow64\averm.dll"
+ "Sony ATRAC3/3plus Decode Filter" "Sony ATRAC3/3plus Decode Filter" "Sony Corporation" "c:\windows\syswow64\atxdec.ax"
+ "Sony ATRAC3/3plus Parse Filter" "Sony ATRAC3/3plus Parse Filter" "Sony Corporation" "c:\windows\syswow64\atxparser.ax"
+ "SonyMp4AacDecoder" "SonyMp4AacDecoder" "sony" "c:\program files (x86)\sony\content transfer\sonymp4aacdecoder.ax"
+ "Video Memory Render Filter" "" "" "c:\program files (x86)\image-line\fl studio 10\plugins\fruity\effects\zgameeditor visualizer\videomemoryrenderfilter.ax"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files (x86)\common files\common share\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files (x86)\common files\common share\filters\wavpackdssplitter.ax"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll" "Citrix Reverse Seamless Hook DLL" "Citrix Systems, Inc." "c:\program files (x86)\citrix\ica client\rshook.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "BJ Language Monitor4" "Canon Inkjet Printer Driver" "CANON INC." "c:\windows\system32\cnblm4.dll"
+ "PCL hpz3lw71" "LanguageMonitor" "Hewlett-Packard Corporation" "c:\windows\system32\hpz3lw71.dll"
+ "S300-S400 Series Port" "Printer Communication System" " " "c:\windows\system32\lxealmpm.dll"
"C:\Users\Kyle\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\Gadget.xml"
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml"


#8 narenxp


Posted 27 March 2013 - 08:45 PM

Try to run Malwarebytes now. Quick scan is enough.


Edited by narenxp, 27 March 2013 - 10:18 PM.


#9 GhostofPacman


Posted 27 March 2013 - 10:14 PM

MiniToolBox by Farbar  Version:05-03-2013
Ran by Kyle (administrator) on 27-03-2013 at 20:13:19
Running from "C:\Users\Kyle\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================
 
#       ::1             localhost
 
 
**** End of log ****
 
 
 
Still no luck with Malwarebytes.


#10 narenxp


Posted 27 March 2013 - 10:19 PM

Reinstall Malwarebytes and try. If that doesn't work, configure a clean boot using this guide:

http://support.microsoft.com/kb/929135

Restart the PC and try to run Malwarebytes.



#11 GhostofPacman


Posted 27 March 2013 - 11:10 PM

Finally success with Malwarebytes after the clean boot, here is the log.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.28.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle :: KGS-PC [administrator]
 
3/27/2013 8:53:43 PM
mbam-log-2013-03-27 (20-53-43).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238426
Time elapsed: 3 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#12 narenxp


Posted 27 March 2013 - 11:15 PM

Change the msconfig startup type to normal startup, restart the PC and try to run Malwarebytes now. If it still freezes, go to

http://support.microsoft.com/kb/929135

Follow the steps under "How to determine what is causing the problem by performing a clean boot".

This should help you find the exact entry that is causing Malwarebytes to freeze.





