
Bad Image Pop Ups For Various Programs


18 replies to this topic

#1 Swizzle1223


Posted 03 October 2013 - 05:01 PM

Here's an example of one of the errors:

taskmgr.exe-Bad Image

C:/PROGRA~2/WI3C8A/Datamngr/x64/datamngr.dll is either not designed to run on Windows or it contains an error. Try installing the program again using original installation media or contact your system administrator or the software vendor for support.


Edited by Swizzle1223, 03 October 2013 - 07:12 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 sflatechguy


Posted 03 October 2013 - 05:12 PM

Chances are your system has been infected with malware. Have the forum moderator move this topic over to the Am I infected? forum.



#3 cryptodan


Posted 03 October 2013 - 05:25 PM

What happened prior to this issue arising?

#4 Swizzle1223


Posted 03 October 2013 - 07:00 PM

Nothing that I can remember :(



#5 cryptodan


Posted 03 October 2013 - 07:02 PM

Please perform the following, so that we can get the exact specs of your computer. This will better assist us in helping you more.

Publish a Snapshot using Speccy

The below is for those who cannot get online

Please take caution when attaching a text file to your post if you cannot copy/paste the link to your post; you will need to edit it to make sure that your Windows Key is not present.

Please download MiniToolBox, and save it to your desktop and run it.
Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#6 Swizzle1223


Posted 03 October 2013 - 07:09 PM

How do I attach files to this post?



#7 Swizzle1223


Posted 03 October 2013 - 07:15 PM

My System Specs From Speccy
Operating System
Windows 7 Home Premium 64-bit SP1
CPU
Intel Pentium E5700 @ 3.00GHz 48 °C
Wolfdale 45nm Technology
RAM
8.00GB Single-Channel DDR3 @ 398MHz (6-6-6-15)
Motherboard
Dell Inc. 018D1Y (CPU 1) 36 °C
Graphics
DELL IN1920 (1366x768@60Hz)
1024MB NVIDIA GeForce GT 430 (NVIDIA) 38 °C
Hard Drives
596GB Western Digital WDC WD6400AAKS-75A7B2 (SATA) 40 °C
Optical Drives
PLDS DVD+-RW DH-16ABS
Audio
High Definition Audio Device

From The minitoolbox 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Ant (administrator) on 03-10-2013 at 20:09:06
Running from "C:\Users\Ant\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Hardware not present)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Local Area Connection* 13-WFP LightWeight Filter-0000" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Ant-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin
 
Ethernet adapter Local Area Connection* 17:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Anchorfree HSS Adapter
   Physical Address. . . . . . . . . : 00-FF-E3-70-97-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Tunngle:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
   Physical Address. . . . . . . . . : 00-FF-31-6F-DE-41
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : B8-AC-6F-DF-3B-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4c80:9298:53f8:e536%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, October 03, 2013 5:39:37 PM
   Lease Expires . . . . . . . . . . : Monday, November 10, 2149 2:38:37 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 246983791
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-8F-80-8B-B8-AC-6F-DF-3B-04
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.Belkin:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter 6TO4 Adapter:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Reusable Microsoft 6To4 Adapter:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{E3709785-DC28-492B-A0A5-CCAF3FA6EF78}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{316FDE41-7342-47DF-AE83-63ACE87CC090}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 19:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1cce:2091:3f57:fdfc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1cce:2091:3f57:fdfc%29(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Local Area Connection* 20:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  
Address:  192.168.2.1
 
Name:    google.com
Addresses:  2607:f8b0:4007:805::1002
 74.125.224.135
 74.125.224.136
 74.125.224.137
 74.125.224.142
 74.125.224.128
 74.125.224.129
 74.125.224.130
 74.125.224.131
 74.125.224.132
 74.125.224.133
 74.125.224.134
 
 
Pinging google.com [74.125.224.137] with 32 bytes of data:
Reply from 74.125.224.137: bytes=32 time=91ms TTL=48
Reply from 74.125.224.137: bytes=32 time=92ms TTL=48
 
Ping statistics for 74.125.224.137:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 91ms, Maximum = 92ms, Average = 91ms
Server:  
Address:  192.168.2.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=37ms TTL=52
Reply from 98.139.183.24: bytes=32 time=45ms TTL=52
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 45ms, Average = 41ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 22...00 ff e3 70 97 85 ......Anchorfree HSS Adapter
 13...00 ff 31 6f de 41 ......TAP-Win32 Adapter V9 (Tunngle)
 10...b8 ac 6f df 3b 04 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 30...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 31...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 29...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 32...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.3    276
      192.168.2.3  255.255.255.255         On-link       192.168.2.3    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.3    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 29     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 29     58 2001::/32                On-link
 29    306 2001:0:5ef5:79fd:1cce:2091:3f57:fdfc/128
                                    On-link
 10    276 fe80::/64                On-link
 29    306 fe80::/64                On-link
 29    306 fe80::1cce:2091:3f57:fdfc/128
                                    On-link
 10    276 fe80::4c80:9298:53f8:e536/128
                                    On-link
  1    306 ff00::/8                 On-link
 29    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/03/2013 05:40:38 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (10/03/2013 05:40:17 PM) (Source: SetupARService) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (10/03/2013 05:39:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x511246e7
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x511246e7
Exception code: 0xc0000005
Fault offset: 0x00002c60
Faulting process id: 0x788
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3
 
Error: (10/03/2013 00:30:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (10/02/2013 09:29:21 PM) (Source: Application Hang) (User: )
Description: The program ArmA2OA.exe version 1.62.95.248 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3294
 
Start Time: 01cebfd7f295fe8a
 
Termination Time: 1
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
 
Report Id: 3573b6ea-2bcb-11e3-b8da-b8ac6fdf3b04
 
Error: (10/02/2013 09:24:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (10/02/2013 09:24:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (10/02/2013 08:23:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (10/02/2013 08:23:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (10/02/2013 00:32:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
 
System errors:
=============
Error: (10/03/2013 06:10:06 PM) (Source: DCOM) (User: )
Description: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}2{06622D85-6856-4460-8DE1-A81921B41C4B}
 
Error: (10/03/2013 05:55:40 PM) (Source: DCOM) (User: )
Description: C:\Windows\SysWOW64\DllHost.exe /Processid:{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}2{3519154C-227E-47F3-9CC9-12C3F05817F1}
 
Error: (10/03/2013 05:42:30 PM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/03/2013 05:42:12 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service failed to start due to the following error: 
%%1053
 
Error: (10/03/2013 05:42:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
 
Error: (10/03/2013 05:40:38 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (10/03/2013 05:39:48 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (10/03/2013 05:39:48 PM) (Source: Service Control Manager) (User: )
Description: The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: 
%%2
 
Error: (10/03/2013 05:39:19 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/03/2013 05:39:15 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (10/03/2013 05:40:38 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (10/03/2013 05:40:17 PM) (Source: SetupARService)(User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (10/03/2013 05:39:57 PM) (Source: Application Error)(User: )
Description: DefaultTabSearch.exe0.0.0.0511246e7DefaultTabSearch.exe0.0.0.0511246e7c000000500002c6078801cec08111c86c8cC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exeC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe58d6c3e1-2c74-11e3-994d-b8ac6fdf3b04
 
Error: (10/03/2013 00:30:19 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
 
Error: (10/02/2013 09:29:21 PM) (Source: Application Hang)(User: )
Description: ArmA2OA.exe1.62.95.248329401cebfd7f295fe8a1C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe3573b6ea-2bcb-11e3-b8da-b8ac6fdf3b04
 
Error: (10/02/2013 09:24:05 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
 
Error: (10/02/2013 09:24:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE
 
Error: (10/02/2013 08:23:12 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
 
Error: (10/02/2013 08:23:12 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
 
Error: (10/02/2013 00:32:11 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-24 22:55:09.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-24 22:54:37.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-24 22:54:30.957
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-24 22:53:54.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-24 22:53:18.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-24 22:52:38.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-24 22:07:46.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-24 22:05:49.477
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-24 21:58:23.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-24 21:56:04.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
4shared Desktop
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader 9.4.3 (Version: 9.4.3)
Aeria Ignite (Version: 1.12.2553)
Aeria Ignite (Version: 1.13.3296)
Age of Empires III - The WarChiefs (Version: 1.00.0000)
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Arma 2
ArmA 2 Free Uninstall
Arma 2: Operation Arrowhead
Ask Toolbar for Epson (Version: 12.3.0.981)
Audacity 1.2.6
AutoKeyPresser (Version: 0.0.0.2)
AVG 2012 (Version: 12.0.3222)
AVG 2012 (Version: 12.1.2242)
AVG 2012 (Version: 2012.1.2242)
AVS Image Converter 2.0.2.160
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
BabyMaker v1.5 (Version: 1.5)
Bandicam
Bandisoft MPEG-1 Decoder
Battle.net
Battlefield 3™ (Version: 1.6.0.0)
Battlefield 4™ Beta (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 2.3.0)
BattlEye (A2Free) Uninstall
BattlEye for OA Uninstall
Belkin Setup and Router Monitor
Big Fish Games: Game Manager (Version: 2.0.1.43)
BitTorrent (Version: 7.6.1)
BlueStacks App Player (Version: 0.7.10.869)
BlueStacks Notification Center (Version: 0.7.10.869)
Bonjour (Version: 3.0.0.10)
BrotherSoft Extreme Toolbar (Version: 6.3.2.90)
CamStudio
Camtasia Studio 8 (Version: 8.0.2.918)
CCleaner (Version: 3.02)
CleanUp!
Conduit Engine (Version: 6.3.2.17)
Curse Client (Version: 5.1.1.792)
D3DX10 (Version: 15.4.2368.0902)
DayZ Commander (Version: 0.92.90)
DC Universe Online Live
DefaultTab (Version: 2.2.3.0)
Dell Edoc Viewer (Version: 1.0.0)
Diablo III
Diner Dash
DivX Setup (Version: 2.2.0.24)
Dolby Axon - 1.5.1.0 (Version: 1.5.1.0)
Download Updater (AOL LLC)
Duel of Champions
Empire Earth II - Gold Edition (Version: 1.00.0000)
Epson Connect Printer Setup (Version: 1.1.1)
EPSON Connect version 1.0 (Version: 1.0)
Epson Customer Participation (Version: 1.6.0.0)
Epson Event Manager (Version: 3.10.0017)
EPSON Scan
EPSON XP-310 Series Printer Uninstall
EpsonNet Print (Version: 2.6.0)
ESN Sonar (Version: 0.70.4)
Far Cry 3 (Version: 1.04)
FoxTab PDF Creator
Fraps (remove only)
FrostWire 5.6.2 (Version: 5.6.2.1)
GameRanger
GeForce Experience NvStream Client Components (Version: 0.1.87)
Ghost Recon Online (NCSA-Live) (Version: 1.25.2612.2)
Google Chrome (Version: 29.0.1547.76)
Google Drive (Version: 1.11.4865.2530)
Google Update Helper (Version: 1.3.21.153)
GoToAssist 8.0.0.514
Guns of Icarus Online
Gyazo 1.0
Happy Cloud Client (Version: 1.293)
HiJackThis (Version: 1.0.0)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.0.334.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.0.334.0)
HP Photo Creations (Version: 1.0.0.3341)
HP Update (Version: 5.002.005.003)
iLivid (Version: 1.80.0.106596)
iMesh (Version: 11.0.0.128628)
InstallIQ Updater (Version: 1.4.2.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Internet Explorer (Version: 8)
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 29 (Version: 6.0.290)
JungleTimer (Version: 4.0.0.5)
Junk Mail filter update (Version: 15.4.3502.0922)
Killing Floor
League of Legends (Version: 1.3)
LibUSB-Win32-0.1.10.1 (Version: 0.1.10.1)
LivingPlay
LogMeIn Hamachi (Version: 2.1.0.284)
LOLReplay (Version: 0.8.1.4)
LTCM Client (Version: 1.20.3792)
MechWarrior Online (Version: 1.4.1.0)
MediaFire Express (beta) (Version: 0.11.0.3001)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Expression Encoder 4 (Version: 4.0.3205.0)
Microsoft Expression Encoder 4 Screen Capture Codec (Version: 4.0.3205.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MorphVOX Pro (Version: 4.3.13)
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
Notepad++ (Version: 5.9.3)
NVIDIA 3D Vision Controller Driver 326.01 (Version: 326.01)
NVIDIA 3D Vision Driver 327.23 (Version: 327.23)
NVIDIA Control Panel 327.23 (Version: 327.23)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Graphics Driver 327.23 (Version: 327.23)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
ooVoo (Version: 3.0.7008)
Origin (Version: 8.5.0.4554)
osu! (Version: 0.0.0.0)
Overwolf (Version: 0.44.256)
PlanetSide 2
Plants vs. Zombies™
PlayClaw (Version: 2.1.0.1492)
PowerISO (Version: 4.8)
Project64 1.6 (Version: 1.6)
PunkBuster Services (Version: 0.993)
Quake Live Mozilla Plugin (Version: 1.0.520)
QuickTime (Version: 7.69.80.9)
RaidCall (Version: 7.1.0-1.0.4066.93)
Razer Comms (Version: 1.40.0)
Razer Core (Version: 1.0.1.17)
Razer Game Booster (Version: 3.7)
REACTOR (Version: 1.00.0000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealUpgrade 1.1 (Version: 1.1.0)
Revo Uninstaller 1.94 (Version: 1.94)
Revo Uninstaller Pro 3.0.5 (Version: 3.0.5)
RingtoneJunkiez Desktop (Version: 1.0.0)
RockMelt (Version: 0.16.91.483)
Roxio Burn (Version: 1.01)
Shape Collage
SHIELD Streaming (Version: 1.05.28)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.5 (Version: 6.5.158)
Smite (Version: 0.1.1706.0)
Software Updater (Version: 4.1.4)
Software Version Updater (Version: 1.1.3.6)
Speccy (Version: 1.23)
Star Wars JK II Jedi Outcast (Version: 1.0)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 6.0.7.0)
TeamSpeak 3 Client
TeamSpeak 3 Client (Version: 3.0.13)
TeamViewer 8 (Version: 8.0.22298)
Terraria
The Weather Channel App
TuneUp Utilities (Version: 9.0.2020.1)
TuneUp Utilities Language Pack (en-US) (Version: 9.0.2020.1)
Tunngle beta
TweetDeck (Version: 1.3.0)
Ulead VideoStudio SE DVD (Version: 10.0)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Uplay (Version: 2.0)
USB2.0 ATV
USB2.0 ATV (Version: 6.10.000.001)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Voxal Voice Changer (Version: 1.02)
War of the Roses
WildTangent Games (Version: 1.0.0.71)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Wolfteam
World of Battles (Version: 1.2.6)
World of Tanks
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)
ZD Soft Screen Recorder 4.1.3.0 (Version: 4.1.3.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 40%
Total physical RAM: 8190.98 MB
Available physical RAM: 4903.24 MB
Total Pagefile: 16380.15 MB
Available Pagefile: 13122.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.91 MB
 
========================= Partitions: =====================================
 
1 Drive c: (C DRIVE JAJAJA) (Fixed) (Total:583.32 GB) (Free:226.72 GB) NTFS
7 Drive i: (storage drive) (Fixed) (Total:149.04 GB) (Free:144.67 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ANT-PC
 
Administrator            Ant                      Anthony's Game's         
ASPNET                   Guest                    UpdatusUser              
 
 
**** End of log ****


#8 cryptodan


Posted 03 October 2013 - 07:29 PM

Please remove the following:

4shared Desktop
CCleaner (Version: 3.02)
CleanUp!
GoToAssist 8.0.0.514
HiJackThis (Version: 1.0.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 29 (Version: 6.0.290)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealUpgrade 1.1 (Version: 1.1.0)
TuneUp Utilities (Version: 9.0.2020.1)
TuneUp Utilities Language Pack (en-US) (Version: 9.0.2020.1)
WildTangent Games (Version: 1.0.0.71)


Run this tool JavaRA to remove all versions of Java then reinstall Java.

After that run the following tools:

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware
 

Please download Malwarebytes Anti-Malware and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



SUPERAntiSpyware:
 
 

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Now GMER
 
 

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#9 Swizzle1223


Posted 03 October 2013 - 07:52 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.03.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Ant :: ANT-PC [administrator]
 
10/3/2013 2:49:48 PM
mbam-log-2013-10-03 (14-49-48).txt
 
Scan type: Full scan (C:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 656352
Time elapsed: 2 hour(s), 46 minute(s), 33 second(s)
 
Memory Processes Detected: 2
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> 1980 -> No action taken.
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (PUP.Optional.InstallIQ.A) -> 11516 -> No action taken.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 34
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> No action taken.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\iMeshIEHelper.DNSGuard (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.
HKCR\iMeshIEHelper.DNSGuard.1 (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|InstallIQUpdater (PUP.Optional.InstallIQ.A) -> Data: "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun -> No action taken.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.3.0 -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 23
C:\Users\Anthony's Game's\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
C:\Program Files (x86)\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Local\Temp\installdt.tmp (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Local\Temp\installdt.tmp\XPI (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Local\Temp\installdt.tmp\XPI\defaulttab (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US (PUP.Optional.DefaultTab.A) -> No action taken.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_1B10388569F3480A88D4CBBB72FE4331 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_4A0DA1B363E6404EB272025CEC42D9E4 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_97A608475DE34A0FAE904E677033BB7A (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\68EBE1C134114657982F358409CB856F (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\CD264E0D5ABC415A89CB6BC0D3CFB303 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\OpenCandy_68EBE1C134114657982F358409CB856F (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\OpenCandy_CD264E0D5ABC415A89CB6BC0D3CFB303 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
 
Files Detected: 80
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Anthony's Game's\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken.
C:\Program Files (x86)\4shared Desktop\checkUpdate.exe (PUP.Optional.4Squared) -> No action taken.
C:\Program Files (x86)\4shared Desktop\desktop.exe (PUP.Optional.4Squared) -> No action taken.
C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> No action taken.
C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> No action taken.
C:\Users\Ant\.frostwire5\updates\frostwire-5.6.4.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_1B10388569F3480A88D4CBBB72FE4331\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_4A0DA1B363E6404EB272025CEC42D9E4\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_97A608475DE34A0FAE904E677033BB7A\DLMgr_3_1.6.87.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\Downloads\frostwire-4.21.1.windows(2).exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\Downloads\frostwire-4.21.1.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\Downloads\frostwire-5.6.2.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\Downloads\VLC_32.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Anthony's Game's\.frostwire5\updates\frostwire-5.5.5.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Local\Temp\Updater.exe (PUP.Optional.Amonetize.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Anthony's Game's\Downloads\SoftonicDownloader_for_hamachi (1).exe (PUP.Optional.Softonic.A) -> No action taken.
C:\Users\Anthony's Game's\Downloads\SoftonicDownloader_for_hamachi.exe (PUP.Optional.Softonic.A) -> No action taken.
C:\Windows\Installer\68c108b.msi (PUP.Optional.WeCare.A) -> No action taken.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Program Files (x86)\DefaultTab\DefaultTab.crx (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Program Files (x86)\DefaultTab\uid (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Local\Temp\installdt.tmp\DefaultTab.xpi (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties (PUP.Optional.DefaultTab.A) -> No action taken.
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_1B10388569F3480A88D4CBBB72FE4331\1645.ico (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_1B10388569F3480A88D4CBBB72FE4331\AOL_Wrapper_p1v3Installer.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_4A0DA1B363E6404EB272025CEC42D9E4\1997.ico (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_4A0DA1B363E6404EB272025CEC42D9E4\RealPlayer_R61POC2_p13v1.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_97A608475DE34A0FAE904E677033BB7A\PPIRegistryReviverSetup.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_97A608475DE34A0FAE904E677033BB7A\PPIRegistryReviver_p21v1.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Ant\AppData\Roaming\OpenCandy\OpenCandy_97A608475DE34A0FAE904E677033BB7A\RevStarter.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\68EBE1C134114657982F358409CB856F\driverscannerUSOPTOUTWin7.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\68EBE1C134114657982F358409CB856F\driverscannerwin7USPOptOut_p1v6.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\CD264E0D5ABC415A89CB6BC0D3CFB303\2516.ico (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\CD264E0D5ABC415A89CB6BC0D3CFB303\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\CD264E0D5ABC415A89CB6BC0D3CFB303\games_toolbar.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\CD264E0D5ABC415A89CB6BC0D3CFB303\games_toolbar_p1v1.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\OpenCandy\CD264E0D5ABC415A89CB6BC0D3CFB303\OCBrowserHelper_1.0.2.73.dll (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\addon.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\DT.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\search_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\update.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Anthony's Game's\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\Users\Ant\Downloads\FrostWireInstaller.exe (Spyware.ZeuS) -> Quarantined and deleted successfully.
C:\Users\Anthony's Game's\Downloads\skype_06102012_image (1).zip (Trojan.FakeSkype) -> Quarantined and deleted successfully.
C:\Users\Anthony's Game's\Downloads\skype_06102012_image.zip (Trojan.FakeSkype) -> Quarantined and deleted successfully.
 
(end)


#10 cryptodan


Posted 03 October 2013 - 08:02 PM

Go back through Malwarebytes and remove all those entries.

#11 Swizzle1223


Posted 04 October 2013 - 02:41 PM

OK, I just removed them all.



#12 cryptodan


Posted 04 October 2013 - 02:43 PM

Still getting the bad image on programs?

Can you also run Super Anti-Spyware and GMER?

Edited by cryptodan, 04 October 2013 - 02:44 PM.


#13 Swizzle1223


Posted 04 October 2013 - 02:44 PM

Yes, all programs still, sadly. The most often one is splwow6

Scanning right now, will post the logs in another post.


Edited by Swizzle1223, 04 October 2013 - 02:50 PM.


#14 Swizzle1223


Posted 04 October 2013 - 03:33 PM

GMER LOG 

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-05 04:32:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: 179u8s7k.exe; Driver: C:\Users\Ant\AppData\Local\Temp\pfldrpow.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544                                                                                     fffff80003803000 63 bytes [00, 00, 51, 02, 54, 68, 72, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 610                                                                                     fffff80003803042 4 bytes [00, 00, 00, 00]
 
---- User code sections - GMER 2.1 ----
 
.text     C:\Windows\SysWOW64\svchost.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          0000000075ef1465 2 bytes [EF, 75]
.text     C:\Windows\SysWOW64\svchost.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                         0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                0000000072b31a22 2 bytes [B3, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                0000000072b31ad0 2 bytes [B3, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                0000000072b31b08 2 bytes [B3, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                0000000072b31bba 2 bytes [B3, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                0000000072b31bda 2 bytes [B3, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         0000000075ef1465 2 bytes [EF, 75]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Users\Ant\AppData\Local\Akamai\netsession_win.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000075ef1465 2 bytes [EF, 75]
.text     C:\Users\Ant\AppData\Local\Akamai\netsession_win.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Users\Ant\AppData\Local\Akamai\netsession_win.exe[3828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000075ef1465 2 bytes [EF, 75]
.text     C:\Users\Ant\AppData\Local\Akamai\netsession_win.exe[3828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                                    * 2
 
---- User IAT/EAT - GMER 2.1 ----
 
IAT       C:\Windows\system32\winlogon.exe[836] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress]                                                   [55580002830] c:\windows\system32\uxtuneup.dll
IAT       C:\Windows\system32\winlogon.exe[836] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile]                                                         [55580002710] c:\windows\system32\uxtuneup.dll
IAT       C:\Windows\system32\svchost.exe[1160] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress]                                                   [55580002830] c:\windows\system32\uxtuneup.dll
IAT       C:\Windows\system32\svchost.exe[1160] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile]                                                         [55580002710] c:\windows\system32\uxtuneup.dll
 
---- Threads - GMER 2.1 ----
 
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5300:5408]                                                                                         000007fefa042a7c
 
---- Registry - GMER 2.1 ----
 
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71B73E2C-BB5D-2DB2-7201-BA7A188E93EA}                                        
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71B73E2C-BB5D-2DB2-7201-BA7A188E93EA}@hafgikkpfkjeheoi                       0x6A 0x61 0x6D 0x6F ...
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71B73E2C-BB5D-2DB2-7201-BA7A188E93EA}@iapfoiblliggneclba                     0x6A 0x61 0x6D 0x6F ...
 
---- EOF - GMER 2.1 ----


#15 Swizzle1223


Posted 04 October 2013 - 10:47 PM

For Super Anti I got rid of all the threats, but I still have the bad image pop ups.





