i am infected plz help


5 replies to this topic

#1 dockami


  • Members
  • 60 posts

Posted 10 June 2013 - 01:35 PM

My browser is acting all weird. It shuts down when I click on it. Also, a black screen appears every now and then. Also, a back software pops in my G drive every so often.





#2 boopme


    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 June 2013 - 07:18 PM

Hello dockami,
Can you run these next?

If needed to complete the scans use Safe Mode with Networking as a boot option.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.
Launch it.
Click on "Change parameters" and select "TDLFS file system".
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
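For reading the Result.txt that the MiniToolBox step produces, a small triage script can pull out the Hosts and Winsock sections and list what differs from a stock system. This is an added example, not part of the original post or of MiniToolBox; the section banners and line layout follow the log posted in this thread, while the sample text, the function names and the trusted-vendor list are assumptions made for illustration.

```python
import re
from collections import Counter

# Section banner as it appears in Result.txt, e.g.
# "========================= Hosts content: ================================="
SECTION_RE = re.compile(r"^={5,}\s+([^=]+?):?\s+={5,}\s*$")

# Winsock line layout: "<catalog> <index> <path> [<size>] (<company>)"
WINSOCK_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<index>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]\s+\((?P<vendor>.*)\)\s*$"
)

# Constructed sample in the Result.txt layout (not taken from a real machine).
SAMPLE_RESULT = r"""
========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.10    www.example.com

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\Users\Public\example_provider.dll [12345] ()
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

=========================== Installed Programs ============================

Avira Free Antivirus (Version: 13.0.0.3640)
"""


def split_sections(text):
    """Map each banner title to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            # Bare "=====" rulers inside a section carry no title and land here.
            sections[current].append(line)
    return sections


def review_hosts(lines):
    """Return (ip, name) pairs for every mapping other than localhost."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        findings.extend((ip, n) for n in names if n.lower() != "localhost")
    return findings


def review_winsock(lines, trusted_prefixes=("Microsoft",)):
    """Group providers whose company name is not on the analyst's list.

    The company name is used as a hint only; a flagged or unflagged file
    still needs its signature and location checked separately.
    """
    grouped, unparsed = Counter(), []
    for line in lines:
        match = WINSOCK_RE.match(line)
        if not match:
            unparsed.append(line)  # keep anything that breaks the layout
            continue
        vendor = match.group("vendor").strip()
        if not vendor.startswith(tuple(trusted_prefixes)):
            grouped[(match.group("path"), vendor)] += 1
    findings = [
        {"path": path, "vendor": vendor, "entries": count}
        for (path, vendor), count in grouped.items()
    ]
    return findings, unparsed


def triage(text, trusted_prefixes=("Microsoft",)):
    """Run both reviews over a Result.txt body and return the findings."""
    sections = split_sections(text)
    winsock, unparsed = review_winsock(
        sections.get("Winsock entries", []), trusted_prefixes
    )
    return {
        "hosts": review_hosts(sections.get("Hosts content", [])),
        "winsock": winsock,
        "unparsed_winsock": unparsed,
    }


if __name__ == "__main__":
    # "Avira" is trusted here because the machine is known to run Avira.
    report = triage(SAMPLE_RESULT, trusted_prefixes=("Microsoft", "Avira"))
    for ip, name in report["hosts"]:
        print(f"hosts: {name} -> {ip}")
    for item in report["winsock"]:
        print(f"winsock: {item['path']} vendor={item['vendor']!r} x{item['entries']}")
```
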

#3 dockami

  • Topic Starter

  • Members
  • 60 posts

Posted 13 June 2013 - 11:53 AM

MiniToolBox by Farbar  Version:21-04-2013
Ran by kami (administrator) on 12-06-2013 at 23:02:09
Running from "C:\Users\kami\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.33.1 publish=Yes
add address name="Local Area Connection" address=192.168.33.165 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : kami-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : clearos.lan
 
Ethernet adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : GoTrusted-x64 Adapter
   Physical Address. . . . . . . . . : 00-FF-30-74-60-AC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 2A-E4-00-D7-CF-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 78-E4-00-D7-CF-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : clearos.lan
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : C8-0A-A9-8F-78-7A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::28bb:18e0:410b:4f49%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.33.165(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.33.1
   DNS Servers . . . . . . . . . . . : 192.168.33.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{396FA8F7-4E84-4963-822B-50208591561D}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.clearos.lan:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : clearos.lan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{6C4C2394-441B-4F9E-BFA6-A1358EEA6F75}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2b:3603:3f57:de5a(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2b:3603:3f57:de5a%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{307460AC-2940-4127-832C-4F89CAB17CFC}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  system.clearos.lan
Address:  192.168.33.1
 
Name:    google.com
Addresses:  2a00:1450:4001:808::100e
 173.194.113.14
 173.194.113.2
 173.194.113.8
 173.194.113.5
 173.194.113.9
 173.194.113.0
 173.194.113.4
 173.194.113.6
 173.194.113.3
 173.194.113.7
 173.194.113.1
 
 
Pinging google.com [173.194.113.1] with 32 bytes of data:
Reply from 173.194.113.1: bytes=32 time=157ms TTL=49
Reply from 173.194.113.1: bytes=32 time=175ms TTL=49
 
Ping statistics for 173.194.113.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 157ms, Maximum = 175ms, Average = 166ms
Server:  system.clearos.lan
Address:  192.168.33.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=715ms TTL=47
Reply from 98.139.183.24: bytes=32 time=986ms TTL=47
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 715ms, Maximum = 986ms, Average = 850ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 27...00 ff 30 74 60 ac ......GoTrusted-x64 Adapter
 17...2a e4 00 d7 cf 76 ......Microsoft Virtual WiFi Miniport Adapter
 12...78 e4 00 d7 cf 76 ......Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
 10...c8 0a a9 8f 78 7a ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.33.1   192.168.33.165    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.33.0    255.255.255.0         On-link    192.168.33.165    276
   192.168.33.165  255.255.255.255         On-link    192.168.33.165    276
   192.168.33.255  255.255.255.255         On-link    192.168.33.165    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.33.165    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.33.165    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     192.168.33.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:953c:2b:3603:3f57:de5a/128
                                    On-link
 10    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::2b:3603:3f57:de5a/128
                                    On-link
 10    276 fe80::28bb:18e0:410b:4f49/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
x64-Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
x64-Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
x64-Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
x64-Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
x64-Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
x64-Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
x64-Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 17 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 18 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 19 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/12/2013 00:34:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/11/2013 06:55:06 AM) (Source: Google Update) (User: kami-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (06/10/2013 09:55:05 PM) (Source: Google Update) (User: kami-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (06/10/2013 06:55:05 PM) (Source: Google Update) (User: kami-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (06/10/2013 03:55:05 PM) (Source: Google Update) (User: kami-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (06/10/2013 00:55:05 PM) (Source: Google Update) (User: kami-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (06/10/2013 09:55:05 AM) (Source: Google Update) (User: kami-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (06/10/2013 00:55:05 AM) (Source: Google Update) (User: kami-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (06/09/2013 09:55:07 PM) (Source: Google Update) (User: kami-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (06/09/2013 06:55:06 PM) (Source: Google Update) (User: kami-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
 
System errors:
=============
Error: (06/12/2013 10:27:30 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed.
 
Error: (06/12/2013 09:04:24 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed.
 
Error: (06/12/2013 07:46:32 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed.
 
Error: (06/12/2013 07:46:29 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed.
 
Error: (06/12/2013 07:39:12 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed.
 
Error: (06/12/2013 06:11:06 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed.
 
Error: (06/12/2013 05:00:58 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed.
 
Error: (06/12/2013 03:12:52 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed.
 
Error: (06/12/2013 03:03:57 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ABC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{19DE482C-2104-4D0D-A9CC-74000E07C124}.
The master browser is stopping or an election is being forced.
 
Error: (06/12/2013 01:52:21 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-11 00:00:38.634
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-11 00:00:38.394
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe AIR (Version: 3.7.0.1530)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.169)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader XI (Version: 11.0.00)
Adobe Shockwave Player (Version: 11.5.1.601)
Ask Toolbar (Version: 1.15.26.0)
Atheros Driver Installation Program (Version: 5.0)
Avira Free Antivirus (Version: 13.0.0.3640)
Avira SearchFree Toolbar plus Web Protection Updater (Version: 1.2.6.45268)
Bing Rewards Client Installer (Version: 16.0.345.0)
BitComet 1.35 (Version: 1.35)
Broadband (Version: 16.001.06.00.172)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center InstallProxy (Version: 2010.0416.541.8279)
CRULP Urdu Phonetic v1.1 (Version: 1.0.3.40)
CUE CLUB
CyberLink DVD Suite (Version: 7.0.2527)
D3DX10 (Version: 15.4.2368.0902)
D4100 (Version: 130.0.365.000)
D4100_Help (Version: 82.0.233.000)
DeviceDiscovery (Version: 130.0.465.000)
DicomWorks 1.3.5b
ESU for Microsoft Windows 7 (Version: 1.0.0)
EVDO BROADBAND PTCL
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Freemake Video Downloader (Version: 3.0.1)
Google Chrome (Version: 27.0.1453.110)
Google Drive (Version: 1.9.4536.8202)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Talk (remove only)
Google Talk Plugin (Version: 4.0.1.13525)
Google Update Helper (Version: 1.3.21.145)
GPBaseService2 (Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.0.3.1)
HP Advisor (Version: 3.4.10262.3295)
HP Color LaserJet 2600 series
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. A (Version: 13.0)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)
HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.50.231.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart Photo (Version: 4.0.3911)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (Version: 4.0.3911)
HP MediaSmart Webcam (Version: 4.0.2511)
HP Photo Creations (Version: 1.0.0.3781)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Power Plan Utility (Version: 1.0.6)
HP Quick Launch (Version: 2.4.4)
HP QuickWeb Installer (Version: 1.2.12.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Software Framework (Version: 4.1.6.1)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (Version: 7.0.39.15)
HP Update (Version: 5.005.000.002)
HP User Guides 0193 (Version: 1.01.0001)
HP Wireless Assistant (Version: 4.0.4.2)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
IDT Audio (Version: 1.0.6269.0)
Itibiti RTC (Version: 0.0.1)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
LabelPrint (Version: 2.5.2515)
LightScribe System Software (Version: 1.18.11.1)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MpcStar 5.4 (Version: 5.4)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PDF Settings CS5 (Version: 10.0)
PhotoNow! (Version: 1.1.6904)
Power2Go (Version: 6.1.3715)
PowerDirector (Version: 8.0.2514)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.11.1127.2009)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30113)
Recovery Manager (Version: 5.5.2512)
SF_CDA_ProductContext (Version: 130.0.365.000)
SF_CDA_Software (Version: 130.0.396.000)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.0 (Version: 6.0.126)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
SPSS 16.0 (Version: 16.0.0)
Status (Version: 130.0.469.000)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Toolbox (Version: 130.0.648.000)
Total Video Converter 3.71 100812
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Disk Security
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WinWrap Basic v9.1 (x86) Utility (Version: 1.0.0)
WOT for Internet Explorer (Version: 11.11.7.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 52%
Total physical RAM: 3834.9 MB
Available physical RAM: 1840.47 MB
Total Pagefile: 7667.99 MB
Available Pagefile: 5505.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.97 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:226.53 GB) (Free:138.73 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:21.51 GB) (Free:3.13 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive g: (My Disc) (Fixed) (Total:217.43 GB) (Free:101.07 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\KAMI-PC
 
Administrator            Guest                    kami                     
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
02-06-2013 14:00:03 Windows Backup
04-06-2013 23:31:27 Windows Update
09-06-2013 14:00:05 Windows Backup
10-06-2013 20:37:30 avast! Free Antivirus Setup
 
**** End of log ****
 
 
23:03:12.0058 10708  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:03:12.0925 10708  ============================================================
23:03:12.0925 10708  Current date / time: 2013/06/12 23:03:12.0925
23:03:12.0925 10708  SystemInfo:
23:03:12.0925 10708  
23:03:12.0926 10708  OS Version: 6.1.7601 ServicePack: 1.0
23:03:12.0926 10708  Product type: Workstation
23:03:12.0926 10708  ComputerName: KAMI-PC
23:03:12.0926 10708  UserName: kami
23:03:12.0926 10708  Windows directory: C:\Windows
23:03:12.0926 10708  System windows directory: C:\Windows
23:03:12.0926 10708  Running under WOW64
23:03:12.0926 10708  Processor architecture: Intel x64
23:03:12.0926 10708  Number of processors: 2
23:03:12.0926 10708  Page size: 0x1000
23:03:12.0926 10708  Boot type: Normal boot
23:03:12.0926 10708  ============================================================
23:03:14.0782 10708  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:03:14.0793 10708  ============================================================
23:03:14.0794 10708  \Device\Harddisk0\DR0:
23:03:14.0794 10708  MBR partitions:
23:03:14.0794 10708  Initialize success
23:03:14.0794 10708  ============================================================
23:03:33.0273 8852  ============================================================
23:03:33.0273 8852  Scan started
23:03:33.0273 8852  Mode: Manual; TDLFS; 
23:03:33.0274 8852  ============================================================
23:03:33.0323 8852  ================ Scan system memory ========================
23:03:33.0323 8852  System memory - ok
23:03:33.0324 8852  ================ Scan services =============================
23:03:37.0830 8852  ================ Scan global ===============================
23:03:37.0833 8852  [Global] - ok
23:03:37.0836 8852  ================ Scan MBR ==================================
23:03:37.0845 8852  [ 7CD43A74EEA9D4F30E997E26486B0019 ] \Device\Harddisk0\DR0
23:03:38.0335 8852  \Device\Harddisk0\DR0 - ok
23:03:38.0337 8852  ================ Scan VBR ==================================
23:03:38.0337 8852  ============================================================
23:03:38.0337 8852  Scan finished
23:03:38.0337 8852  ============================================================
23:03:38.0364 10416  Detected object count: 0
23:03:38.0364 10416  Actual detected object count: 0
 
# AdwCleaner v2.303 - Logfile created 06/12/2013 at 23:05:36
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : kami - KAMI-PC
# Boot Mode : Normal
# Running from : C:\Users\kami\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : DvmMDES
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\kami\AppData\Local\APN
Folder Deleted : C:\Users\kami\AppData\Local\Conduit
Folder Deleted : C:\Users\kami\AppData\Local\PackageAware
Folder Deleted : C:\Users\kami\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\kami\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\kami\AppData\LocalLow\Conduit
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16576
 
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=PK&range=72&searchtype=ds&isid=9860&q={searchTerms} --> hxxp://www.google.com
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S6].txt - [8578 octets] - [12/06/2013 23:05:36]
 
########## EOF - C:\AdwCleaner[S6].txt - [8638 octets] ##########
 

 

 

 

C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
 

 

 

 



#4 boopme


Posted 13 June 2013 - 01:29 PM

Hello, were the last 2 lines from the ESET scan?

I would like to do one more

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


How is it running now?

Edited by boopme, 13 June 2013 - 01:29 PM.


#5 dockami


Posted 13 June 2013 - 08:57 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.06.13.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
kami :: KAMI-PC [administrator]
 
6/14/2013 6:43:23 AM
mbam-log-2013-06-14 (06-43-23).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255962
Time elapsed: 7 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

Yes, they were from the ESET scanner log.

It's working better.



#6 boopme


Posted 13 June 2013 - 09:08 PM

Looks clean to me now.

If all's good, then create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
  • Reboot and see how it is.
