
Windows firewall can't change some of your settings - Error 0x80070424


13 replies to this topic

#1 vatos

Posted 27 June 2013 - 05:46 PM

Hello people,

 

I have just registered myself at this forum, because I got a problem. I have played online games since 2008 and suddenly 2 days ago it said "Theres a problem of anti hacking. The game will close" when I tried to start the game. I have a completely clean and I have never hacked in my life. I read in a few forums that this problem can occur when I downloaded some programs recently, and yes I did. And I am 99% sure that those programs contain trojans and the hackshield of the game sees it as danger and doesn't start the game although it has nothing to do with that game. I can neither download + install any anti virus because it says "The program does not respond. Close program or search another solution online" nor restore my system. I am really in trouble and I would be so glad if someone of you helped me. And I am really sorry if this post exists already or this is the wrong section. Apologies.

 

Thanks a lot.




 


#2 sflatechguy

  • BC Advisor

Posted 27 June 2013 - 08:18 PM

This error code occurs when a computer is infected with a virus or a rootkit. See this link for more info: http://answers.microsoft.com/en-us/windows/forum/windows_7-security/error-code-0x80070424-with-windows-firewall/ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee

 

I suggest you open a new thread over at the Am I infected forum, or ask the forum moderator to move this post there.



#3 boopme

  • Global Moderator

Posted 27 June 2013 - 08:20 PM

Hello vatos

I moved this from Win7 to the Am I Infected forum for a further look.
 
Can you download these from another PC onto a flash drive or CD? Then either transfer them or run from the device.
 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#4 vatos

  • Topic Starter

Posted 28 June 2013 - 02:34 AM

First of all, thanks a lot for your help. I really appreciate it.

The first log is the result from MiniTool.

Here it is:

 

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Siyar (administrator) on 28-06-2013 at 09:30:56
Running from "C:\Users\Siyar\Desktop"
Windows 7 Ultimate  (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Siyar-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-66-FA-15-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-15-AF-43-B8-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 802.11 n/g/b Wireless LAN USB Adapter
   Physical Address. . . . . . . . . : 00-15-AF-43-B8-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::289e:1cee:a06f:3013%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Freitag, 28. Juni 2013 09:06:56
   Lease Expires . . . . . . . . . . : Montag, 4. August 2149 16:00:04
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 234886575
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-29-6F-86-00-1D-92-23-CB-EF
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
   Physical Address. . . . . . . . . : 00-1D-92-23-CB-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{AF761951-9647-405E-B610-841AF27BD780}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  easy.box
Address:  192.168.2.1

Name:    google.com
Addresses:  2a00:1450:4001:809::1001
   173.194.113.35
   173.194.113.36
   173.194.113.37
   173.194.113.38
   173.194.113.39
   173.194.113.40
   173.194.113.41
   173.194.113.46

Pinging google.com [173.194.113.35] with 32 bytes of data:
Reply from 173.194.113.35: bytes=32 time=33ms TTL=52
Reply from 173.194.113.35: bytes=32 time=32ms TTL=52

Ping statistics for 173.194.113.35:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 33ms, Average = 32ms
Server:  easy.box
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=189ms TTL=51
Reply from 206.190.36.45: bytes=32 time=189ms TTL=51

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 189ms, Maximum = 189ms, Average = 189ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 22...00 ff 66 fa 15 1f ......TAP-Win32 Adapter V9
 21...00 15 af 43 b8 11 ......Microsoft Virtual WiFi Miniport Adapter
 13...00 15 af 43 b8 10 ......802.11 n/g/b Wireless LAN USB Adapter
 11...00 1d 92 23 cb ef ......Intel® 82562V-2 10/100 Network Connection
  1...........................Software Loopback Interface 1
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
 16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
 18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.103     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.103    281
    192.168.2.103  255.255.255.255         On-link     192.168.2.103    281
    192.168.2.255  255.255.255.255         On-link     192.168.2.103    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.103    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.103    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    281 fe80::/64                On-link
 13    281 fe80::289e:1cee:a06f:3013/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/28/2013 02:56:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/28/2013 00:35:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: kav13.0.1.4190de-de.exe, version: 13.0.1.4190, time stamp: 0x4bc06cd3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00024726
Faulting process id: 0x1328
Faulting application start time: 0xkav13.0.1.4190de-de.exe0
Faulting application path: kav13.0.1.4190de-de.exe1
Faulting module path: kav13.0.1.4190de-de.exe2
Report Id: kav13.0.1.4190de-de.exe3

Error: (06/28/2013 00:29:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: avast_free_antivirus_setup_8.0.1489.300.exe, version: 8.0.1489.300, time stamp: 0x518b64b5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00024726
Faulting process id: 0x398
Faulting application start time: 0xavast_free_antivirus_setup_8.0.1489.300.exe0
Faulting application path: avast_free_antivirus_setup_8.0.1489.300.exe1
Faulting module path: avast_free_antivirus_setup_8.0.1489.300.exe2
Report Id: avast_free_antivirus_setup_8.0.1489.300.exe3

Error: (06/27/2013 11:31:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: avg_free_x86_all_2013_3345a6382.exe, version: 13.0.0.3345, time stamp: 0x4c611094
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00024726
Faulting process id: 0xce4
Faulting application start time: 0xavg_free_x86_all_2013_3345a6382.exe0
Faulting application path: avg_free_x86_all_2013_3345a6382.exe1
Faulting module path: avg_free_x86_all_2013_3345a6382.exe2
Report Id: avg_free_x86_all_2013_3345a6382.exe3

Error: (06/27/2013 11:22:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrueImage.exe, version: 16.0.0.6514, time stamp: 0x51535d84
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000005
Fault offset: 0x00051e86
Faulting process id: 0x11f0
Faulting application start time: 0xTrueImage.exe0
Faulting application path: TrueImage.exe1
Faulting module path: TrueImage.exe2
Report Id: TrueImage.exe3

Error: (06/27/2013 11:12:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7600.16385, time stamp: 0x4a5bc3e6
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3
Exception code: 0xc0000005
Fault offset: 0x000149d1
Faulting process id: 0x19c
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (06/27/2013 10:26:09 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070057.

Error: (06/27/2013 09:49:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: mseinstall.exe, version: 4.2.223.0, time stamp: 0x49ba026d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00024726
Faulting process id: 0xb04
Faulting application start time: 0xmseinstall.exe0
Faulting application path: mseinstall.exe1
Faulting module path: mseinstall.exe2
Report Id: mseinstall.exe3

Error: (06/27/2013 09:42:32 PM) (Source: Bonjour Service) (User: )
Description: 460: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/27/2013 09:42:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10093

System errors:
=============
Error: (06/28/2013 09:31:49 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/28/2013 09:31:19 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/28/2013 09:30:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/28/2013 09:30:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/28/2013 09:29:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/28/2013 09:29:24 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/28/2013 09:29:24 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/28/2013 09:29:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/28/2013 09:28:39 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/28/2013 09:28:09 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-06-28 02:20:21.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 02:20:21.129
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 02:20:21.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 02:12:33.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 02:12:33.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 02:12:33.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 02:12:32.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 02:12:32.910
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 02:12:32.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 02:06:25.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.26.0)
Bonjour (Version: 3.0.0.10)
eReg (Version: 1.20.138.34)
erLT (Version: 1.20.0137)
Foxit Reader 5.1 (Version: 5.1.4.104)
Free Download Manager 3.9.2
Google Chrome (Version: 28.0.1500.63)
Google Update Helper (Version: 1.3.21.99)
Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973) (Version: 1)
iTunes (Version: 11.0.1.12)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
KalOnline (Version: 1.00.0000)
KalOnlineTest (Version: 1.00.0000)
Logitech Gaming Software (Version: 8.45.88)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Business 2010 - Deutsch (Version: 14.0.5138.5002)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - DEU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
MindManager Smart (Version: 2.1.3)
MiniTool Partition Wizard Home Edition 7.6
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nexon Game Manager
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
OpenVPN 2.1.1 (Version: 2.1.1)
Overwolf (Version: 0.42.248)
SopCast 3.5.0 (Version: 3.5.0)
TeamSpeak 2 RC2 (Version: 2.0.32.60)
TeamSpeak 3 Client (Version: 3.0.8.1)
TeamViewer 6 (Version: 6.0.11052)
TeamViewer 7 (Version: 7.0.13989)
Tor 0.2.2.32
TrueCrypt (Version: 7.1a)
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Vidalia 0.2.14
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3070.15 MB
Available physical RAM: 1937.18 MB
Total Pagefile: 6138.57 MB
Available Pagefile: 4785.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.95 MB

========================= Partitions: =====================================

1 Drive c: (BOOT) (Fixed) (Total:465.76 GB) (Free:109.33 GB) NTFS
2 Drive d: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT32

========================= Users: ========================================

User accounts for \\SIYAR-PC

Administrator            Guest                    Siyar                   
UpdatusUser             

**** End of log ****

#5 vatos


Posted 28 June 2013 - 02:37 AM

This is from TDS:

 

09:35:10.0591 3128  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:35:10.0809 3128  ============================================================
09:35:10.0809 3128  Current date / time: 2013/06/28 09:35:10.0809
09:35:10.0809 3128  SystemInfo:
09:35:10.0809 3128 
09:35:10.0809 3128  OS Version: 6.1.7600 ServicePack: 0.0
09:35:10.0809 3128  Product type: Workstation
09:35:10.0809 3128  ComputerName: SIYAR-PC
09:35:10.0809 3128  UserName: Siyar
09:35:10.0809 3128  Windows directory: C:\Windows
09:35:10.0809 3128  System windows directory: C:\Windows
09:35:10.0809 3128  Processor architecture: Intel x86
09:35:10.0809 3128  Number of processors: 4
09:35:10.0809 3128  Page size: 0x1000
09:35:10.0809 3128  Boot type: Normal boot
09:35:10.0809 3128  ============================================================
09:35:11.0885 3128  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:35:11.0917 3128  Drive \Device\Harddisk4\DR4 - Size: 0x3C276200 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:35:11.0917 3128  ============================================================
09:35:11.0917 3128  \Device\Harddisk0\DR0:
09:35:11.0917 3128  MBR partitions:
09:35:11.0917 3128  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
09:35:11.0917 3128  \Device\Harddisk4\DR4:
09:35:11.0979 3128  MBR partitions:
09:35:11.0979 3128  ============================================================
09:35:11.0979 3128  Initialize success
09:35:11.0979 3128  ============================================================
09:35:43.0117 2764  ============================================================
09:35:43.0117 2764  Scan started
09:35:43.0117 2764  Mode: Manual; TDLFS;
09:35:43.0117 2764  ============================================================
09:35:43.0132 2764  ================ Scan system memory ========================
09:35:43.0132 2764  System memory - ok
09:35:43.0132 2764  ================ Scan services =============================
09:35:45.0191 2764  ================ Scan global ===============================
09:35:45.0191 2764  [Global] - ok
09:35:45.0191 2764  ================ Scan MBR ==================================
09:35:45.0207 2764  [ B7310D12FF8857D5B67EAA63423EDB33 ] \Device\Harddisk0\DR0
09:35:45.0613 2764  \Device\Harddisk0\DR0 - ok
09:35:45.0628 2764  [ F9C947AB9059C052B9E35E52F7902BAF ] \Device\Harddisk4\DR4
09:35:45.0800 2764  \Device\Harddisk4\DR4 - ok
09:35:45.0800 2764  ================ Scan VBR ==================================
09:35:45.0800 2764  [ 0AB0B7C1E26DFA13D5322614942FF0EB ] \Device\Harddisk0\DR0\Partition1
09:35:45.0800 2764  \Device\Harddisk0\DR0\Partition1 - ok
09:35:45.0800 2764  ============================================================
09:35:45.0800 2764  Scan finished
09:35:45.0800 2764  ============================================================
09:35:45.0815 1344  Detected object count: 0
09:35:45.0815 1344  Actual detected object count: 0
 



#6 vatos


Posted 28 June 2013 - 02:44 AM

This is ADWCleaner:

 

# AdwCleaner v2.303 - Logfile created 06/28/2013 at 09:38:20
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate  (32 bits)
# User : Siyar - SIYAR-PC
# Boot Mode : Normal
# Running from : D:\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Siyar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_images.search.conduit.com_0.localstorage
File Deleted : C:\Users\Siyar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_images.search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Siyar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Siyar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Siyar\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Siyar\AppData\Local\APN
Folder Deleted : C:\Users\Siyar\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Siyar\AppData\Local\Babylon
Folder Deleted : C:\Users\Siyar\AppData\Local\Conduit
Folder Deleted : C:\Users\Siyar\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Siyar\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Siyar\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Siyar\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Siyar\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Siyar\AppData\Roaming\Babylon
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481020
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2697549
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\OpenCandy NSIS SDK
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.63

File : C:\Users\Siyar\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.27] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.30] : keyword = "isearch.avg.com",
Deleted [l.34] : search_url = "hxxp://isearch.avg.com/search?cid={065DD786-EC85-43E6-89D6-4FDF14DFD372}&mid=47[...]
Deleted [l.2126] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",

*************************

AdwCleaner[S1].txt - [23374 octets] - [28/06/2013 09:38:20]

########## EOF - C:\AdwCleaner[S1].txt - [23435 octets] ##########



#7 vatos


Posted 28 June 2013 - 02:51 AM

I had a problem with aswMBR. I followed your instructions, but when I clicked scan, the window popped up "The program does not respond". I just can choose "close the program" or "check online for a solution". But there was no solution.

That's why I just got this small log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-28 09:48:51
-----------------------------
09:48:51.068    OS Version: Windows 6.1.7600
09:48:51.068    Number of processors: 4 586 0xF0B
09:48:51.068    ComputerName: SIYAR-PC  UserName: Siyar
09:49:03.688    Initialize success
09:49:16.948    The log file has been saved successfully to "C:\Users\Siyar\Desktop\aswMBR.txt"



#8 boopme


Posted 28 June 2013 - 08:49 PM

Ok, there are some system errors which may be causing these problems.
Please back up any important data.


Please run the chkdsk utility on the volume OS.



Please run chkdsk /r and sfc /scannow

Click on the Start orb, type in cmd in the Search programs and files box. When cmd is seen in Programs, right click on it, then click on Run as administrator.

You will see a screen similar to the one below.

Screenshot2.jpg


Type in chkdsk c:/r then press Enter.

You will receive the message "CHKDSK cannot be run because it is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <Y/N>".

Type in Y and press Enter.

Restart your computer to start the scan.

This will take a while to run, please be patient and allow it to complete the scan.

The sfc /scannow command scans all protected system files and replaces corrupted and incorrect versions with correct Microsoft versions.

Click on the Start orb, then type in cmd in the Search programs and files box.

cmd will appear in Programs above, right click on it, then click on Run as administrator.

If you are prompted for an administrator password or for a confirmation, enter the password, or click Allow.

A page similar to the one below will open.

Screenshot2.jpg

Type in sfc /scannow and then press Enter to start the scan.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#9 vatos


Posted 29 June 2013 - 12:53 PM

Thanks a lot for your help, boopme. I followed all your instructions and it took me like 4 hours completely. At the last scan after, it said "No violations found". I guess, unfortunately it hasn't found the virus :(



#10 boopme


Posted 29 June 2013 - 08:40 PM

Let's try one more thing here.
 
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#11 vatos


Posted 30 June 2013 - 05:40 AM

Thanks again for the help, boopme.

Here is the log:

 

Farbar Service Scanner Version: 27-06-2013
Ran by Siyar (administrator) on 30-06-2013 at 12:40:18
Running from "C:\Users\Siyar\Desktop"
Windows 7 Ultimate  (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt: "C:\Users\Siyar\wgsdgsdgdsgsd.exe".

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-13 18:19] - [2013-01-04 06:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2011-04-04 07:27] - [2010-12-21 07:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 11:03] - [2012-06-02 06:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
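As an added example (not part of the original post and not Farbar's own code): a short Python triage of FSS-style output that separates deleted service keys from service binaries loaded outside the Windows system directories, and decodes the thread's error 0x80070424. The sample lines are copied from the log above; the function names and the trusted-prefix list are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the FSS log in the post above.
SAMPLE_FSS_LOG = r"""
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt: "C:\Users\Siyar\wgsdgsdgdsgsd.exe".

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
KEY_MISSING = re.compile(
    r"Unable to open (\S+) registry key\. The service key does not exist\.")
VALUE_MISSING = re.compile(
    r"Unable to retrieve (start type|ImagePath|ServiceDll) of (\S+)\. "
    r"The value does not exist\.")
BINARY_PATH = re.compile(r'^The (ImagePath|ServiceDll) of (\S+): "(.*)"\.$')

# Assumption: Windows installed on C: and these are the only expected locations
# for the services FSS checks. Extend the tuple for other layouts.
TRUSTED_PREFIXES = (
    "%systemroot%\\system32\\",
    "%windir%\\system32\\",
    "c:\\windows\\system32\\",
    "%programfiles%\\windows defender\\",
    "c:\\program files\\windows defender\\",
)


def is_trusted_path(path):
    """True if the binary path resolves under an expected system directory."""
    # normpath collapses "..\" segments so a prefix match cannot be bypassed.
    normalized = ntpath.normpath(path.strip().strip('"')).lower()
    return normalized.startswith(TRUSTED_PREFIXES)


def triage(log_text):
    """Group FSS findings by kind, keeping first-seen order without repeats."""
    findings = {"not_running": [], "key_missing": [],
                "value_missing": [], "untrusted_binary": []}

    def add(kind, item):
        if item not in findings[kind]:
            findings[kind].append(item)

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            add("not_running", m.group(1))
        if m := KEY_MISSING.search(line):
            add("key_missing", m.group(1))
        if m := VALUE_MISSING.search(line):
            add("value_missing", (m.group(2), m.group(1)))
        if m := BINARY_PATH.match(line):
            field, service, path = m.groups()
            if not is_trusted_path(path):
                add("untrusted_binary", (service, field, path))
    return findings


def win32_error_from_hresult(hresult):
    """Return the Win32 error code carried by a FACILITY_WIN32 HRESULT, else None."""
    facility = (hresult >> 16) & 0x7FF
    return hresult & 0xFFFF if facility == 7 else None


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_FSS_LOG).items():
        print(kind, items)
    # 1060 is ERROR_SERVICE_DOES_NOT_EXIST, matching the missing MpsSvc key.
    print(win32_error_from_hresult(0x80070424))
```

A missing service key means the service has to be restored before it can start, while an untrusted ServiceDll means an existing service is loading a file from outside the system directories, so the two findings call for different remediation.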



#12 vatos


Posted 30 June 2013 - 10:04 AM

When I try to install AVG it says "AVG Setup Self Extractor based on 7 Zip has stopped working". This happens a lot when I try to install programs since I got that infection. I really don't know what this could be. Like I said, I installed some stuff before (1-2 days before this infection) but I deleted them (I don't know if completely or if I got a virus) because I can't install any antivirus program.



#13 vatos


Posted 30 June 2013 - 02:37 PM

I solved it now. I started Windows in safe mode and installed an antivirus program because it wasn't possible when I logged in normally without safe mode. Then I restarted the computer, started the system normally and started the antivirus. One virus was found and since then, everything is OK :D



#14 boopme


Posted 30 June 2013 - 08:53 PM

Excellent! Thanks for the update.



