Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Inline hook win32k.sys (rootkit maybe?), Impossible to Remove?


  • Please log in to reply
5 replies to this topic

#1 The Sodist

The Sodist

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 22 December 2013 - 03:11 AM

Using a Windows 7 computer.

 

About two weeks ago, sometimes I would not be able to access certain websites in my web browser, google chrome, and it says "This webpage is not available." I ran a diagnostic with windows which said that my DNS server is not responding so I tried some things to make sure that it would work. After that didn't work, I ran a virus scan with AVG and Avast. Avast found nothing while AVG found two things. They were:
"";"Inline hook win32k.sys EngSetPointerTag+0x190 -> 0xFFFFF95F8023D132, <unknown>";"Infected"
"";"Inline hook win32k.sys EngFntCacheLookUp+0xFFFFF95F8012A981, <unknown>";"Infected"
So then I downloaded malwarebytes and mbar, started my computer in safe mode while disconnected from the internet, scanned with both of those, avast, and AVG, and deleted everything that they found. I started my computer again and it still had the problem. I then started to search for this problem on the internet and apparently no one can really fix this. Someone even used nuke.bat in the Avenger, and it didn't get rid of it. I am at a complete loss at what to do. Please help.


Edited by The Sodist, 22 December 2013 - 03:17 AM.


BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:50 PM

Posted 22 December 2013 - 09:05 AM

I ran a virus scan with AVG and Avast

 

 

 

I believe your problem is that you have two antivirus applications running at one time.

 

I suggest that you uninstall both of them.

 

Then run the removal tools and reboot after each.

 

http://www.avast.com/en-us/uninstall-utility

http://www.avg.com/us-en/utilities

 

 

After the reboot then Choose only one of them and re-install it.

 

 

 

Then follow the steps below to make sure that there is not something lurking on your machine.

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

 


Download Security Check by screen317 from here.


  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe After the scan is finished then click on File>>>>>>>>>>>Save The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option. in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.

 

 


Update and do a quick scan with Malwarebytes remove all that it finds and reboot.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Post the log here,

  • Please download Adware cleaner from the link below.
  • http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
  • Save it to your desktop.
  • Right click run as admin.
  • Hit the scan button.
  • Allow completion.
  • Make sure all items are ticked.
  • Hit the clean button.
  • Even if no items are displayed to be ticked hit the clean button anyway.
  • The machine will reboot this is normal.
  • Post the log in your next reply.

 

Please download JRT from here & double click to start the program.

  1. Hit any key when prompted and allow it to run through it's process.

    H2HaYv4.png
  2. Post the log when it's finished.


#3 The Sodist

The Sodist
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 22 December 2013 - 04:48 PM

Results of MiniToolBox

MiniToolBox by Farbar  Version: 18-12-2013
Ran by A (administrator) on 22-12-2013 at 14:53:57
Running from "C:\Users\A\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Hamachi Network Interface = Hamachi (Connected)
NETGEAR WNA3100 N300 Wireless USB Adapter = Wireless Network Connection 4 (Connected)
Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Hardware not present)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : A-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.mn.comcast.net.
 
Wireless LAN adapter Wireless Network Connection 4:
 
   Connection-specific DNS Suffix  . : hsd1.mn.comcast.net.
   Description . . . . . . . . . . . : NETGEAR WNA3100 N300 Wireless USB Adapter
   Physical Address. . . . . . . . . : 9C-D3-6D-16-54-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:2:5000:bc6:146e:6285:d457:5070(Preferred) 
   Temporary IPv6 Address. . . . . . : 2601:2:5000:bc6:69c7:c046:4ce4:50ae(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::146e:6285:d457:5070%19(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, December 22, 2013 2:48:05 PM
   Lease Expires . . . . . . . . . . : Sunday, December 29, 2013 2:48:05 PM
   Default Gateway . . . . . . . . . : fe80::ba9b:c9ff:feaa:29d2%19
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 463262573
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-D7-19-B3-1C-6F-65-4E-75-D3
   DNS Servers . . . . . . . . . . . : 2001:558:feed::2
                                       2001:558:feed::1
                                       208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-19-23-34-DA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::1923:34da(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3d2a:720f:eb3f:69ad%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 25.35.52.218(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Sunday, December 22, 2013 2:47:57 PM
   Lease Expires . . . . . . . . . . : Monday, December 22, 2014 2:50:04 PM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 326793533
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-D7-19-B3-1C-6F-65-4E-75-D3
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{A19AC574-5AFA-4BED-A5BC-6A19D560F5AA}:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::200:5efe:25.35.52.218%11(Preferred) 
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:20e6:321:f5ff:fffc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::20e6:321:f5ff:fffc%12(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.hsd1.mn.comcast.net.:
 
   Connection-specific DNS Suffix  . : hsd1.mn.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:10.0.0.3%21(Preferred) 
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : 2001:558:feed::2
                                       2001:558:feed::1
                                       208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:558:feed::2
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Pinging google.com [2607:f8b0:4009:806::1005] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 2607:f8b0:4009:806::1005:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:558:feed::2
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=57ms TTL=51
Reply from 98.139.183.24: bytes=32 time=70ms TTL=51
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 57ms, Maximum = 70ms, Average = 63ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=10ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 10ms, Average = 6ms
===========================================================================
Interface List
 19...9c d3 6d 16 54 ec ......NETGEAR WNA3100 N300 Wireless USB Adapter
 14...7a 79 19 23 34 da ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         25.0.0.1     25.35.52.218   9256
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.3     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.3    281
         10.0.0.3  255.255.255.255         On-link          10.0.0.3    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.3    281
         25.0.0.0        255.0.0.0         On-link      25.35.52.218   9256
     25.35.52.218  255.255.255.255         On-link      25.35.52.218   9256
   25.255.255.255  255.255.255.255         On-link      25.35.52.218   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      25.35.52.218   9256
        224.0.0.0        240.0.0.0         On-link          10.0.0.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      25.35.52.218   9256
  255.255.255.255  255.255.255.255         On-link          10.0.0.3    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 19    281 ::/0                     fe80::ba9b:c9ff:feaa:29d2
 14   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:90d7:20e6:321:f5ff:fffc/128
                                    On-link
 19     33 2601:2:5000:bc6::/64     On-link
 19    281 2601:2:5000:bc6:146e:6285:d457:5070/128
                                    On-link
 19    281 2601:2:5000:bc6:69c7:c046:4ce4:50ae/128
                                    On-link
 19    281 2601:2:5000:bc6:fb35:22de:6752:bde1/128
                                    On-link
 14    276 2620:9b::/96             On-link
 14    276 2620:9b::1923:34da/128   On-link
 14    276 fe80::/64                On-link
 19    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 21    281 fe80::5efe:10.0.0.3/128  On-link
 11    281 fe80::200:5efe:25.35.52.218/128
                                    On-link
 19    281 fe80::146e:6285:d457:5070/128
                                    On-link
 12    306 fe80::20e6:321:f5ff:fffc/128
                                    On-link
 14    276 fe80::3d2a:720f:eb3f:69ad/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
 19    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/22/2013 02:47:04 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/22/2013 02:47:04 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/22/2013 02:47:04 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/22/2013 02:47:04 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/22/2013 02:47:04 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (12/22/2013 02:47:03 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/22/2013 02:47:03 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (12/22/2013 02:47:03 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/22/2013 02:47:03 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (12/22/2013 02:32:21 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed AVG 2014; Error = 0x8007043c).
 
 
System errors:
=============
Error: (12/22/2013 02:47:04 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/22/2013 02:47:04 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (12/22/2013 02:46:55 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/22/2013 02:46:54 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (12/22/2013 02:42:32 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/22/2013 02:42:32 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/22/2013 02:42:32 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/22/2013 02:40:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/22/2013 02:40:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/22/2013 02:40:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/22/2013 02:47:04 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (12/22/2013 02:47:04 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/22/2013 02:47:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/22/2013 02:47:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/22/2013 02:47:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (12/22/2013 02:47:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (12/22/2013 02:47:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (12/22/2013 02:47:03 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
1100
 
Error: (12/22/2013 02:47:03 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (12/22/2013 02:32:21 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20140x8007043c
 
 
=========================== Installed Programs ============================
 
@BIOS Ver.2.06 (Version: 2.06)
µTorrent (Version: 3.3.2.30303)
64 Bit HP CIO Components Installer (Version: 6.2.1)
7-Zip 9.21 (Version: 9.21.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader X (10.1.8) (Version: 10.1.8)
ADRIFT Runner
ARMA 2: Operation Arrowhead Beta
Audacity 2.0.2 (Version: 2.0.2)
AVG Security Toolbar (Version: 17.2.0.38)
Battle.net
BattlEye for OA Uninstall
BattlEye Uninstall
BufferChm (Version: 130.0.331.000)
C3 (Version: 0.5.2143)
C4600 (Version: 130.0.425.000)
Cain & Abel v4.9.43
CCleaner (Version: 4.08)
Church Of Change DEMO Game (Version: 1.00)
Clownfish for Skype
Contagion
Cube World version 0.0.1 (Version: 0.0.1)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 130.0.0.0)
Dev-C++ 5 beta 9 release (4.9.9.2)
DeviceDiscovery (Version: 130.0.372.000)
Dota 2
Fallout 3 - Game of the Year Edition
Fraps (remove only)
Freemake Video Downloader (Version: 3.5.3)
Game Dev Tycoon version 1.3.9 (Version: 1.3.9)
Garry's Mod
GeForce Experience NvStream Client Components (Version: 1.6.28)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
GPBaseService2 (Version: 130.0.371.000)
Guild Wars 2
Half-Life Dedicated Server Update Tool
Hearthstone
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
HTML TADS Player Kit
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java SE Development Kit 7 Update 5 (64-bit) (Version: 1.7.0.50)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
JavaFX 2.1.1 (64-bit) (Version: 2.1.1)
JavaFX 2.1.1 (Version: 2.1.1)
JavaFX 2.1.1 SDK (64-bit) (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
LogMeIn Hamachi (Version: 2.2.0.109)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.672.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Might & Magic: Duel of Champions
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.4 (Version: 1.2.4)
NETGEAR WNA3100 wireless USB 2.0 adapter (Version: 1.01.206)
Nexus Mod Manager (Version: 0.45.2)
Notepad++ (Version: 6.3)
NVIDIA 3D Vision Controller Driver 331.82 (Version: 331.82)
NVIDIA 3D Vision Driver 331.82 (Version: 331.82)
NVIDIA Control Panel 331.82 (Version: 331.82)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1)
NVIDIA Graphics Driver 331.82 (Version: 331.82)
NVIDIA Install Application (Version: 2.1002.142.992)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA Network Service (Version: 1.0)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3182)
NVIDIA Update 10.11.15 (Version: 10.11.15)
NVIDIA Update Core (Version: 10.11.15)
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19)
OpenOffice.org 3.4 (Version: 3.4.9590)
Pando Media Booster (Version: 2.6.0.7)
Path of Exile (Version: 0.11.3.26690)
Portal
Portal 2
PowerISO (Version: 5.8)
PS_AIO_05_C4600_Software_Min (Version: 130.0.425.000)
PunkBuster Services (Version: 0.993)
Rags Suite (Version: 2.4.0)
RaidCall (Version: 7.2.6-1.0.8500.17)
Realtek High Definition Audio Driver (Version: 6.0.1.6449)
Scan (Version: 13.0.0.0)
Scratch (Version: 1.4.0.0)
Sharpened Steel
SHIELD Streaming (Version: 1.6.85)
Shop for HP Supplies (Version: 13.0)
Skype™ 6.11 (Version: 6.11.102)
SmartWebPrinting (Version: 130.0.373.000)
Smite (Version: 0.1.1706.0)
SolutionCenter (Version: 130.0.373.000)
Source SDK Base 2007
Status (Version: 130.0.373.000)
Steam (Version: 1.0.0.0)
Super Hexagon
TeamSpeak 3 Client (Version: 3.0.11)
TeamViewer 8 (Version: 8.0.22298)
Terraria
The Binding of Isaac
The Elder Scrolls III: Morrowind
The Elder Scrolls Online Beta (Version: 0.3.4)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Tribes Ascend (Version: 1.0.1268.1)
Unity Web Player (Version: )
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
War Thunder Launcher 1.0.1.171
WebReg (Version: 130.0.132.017)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Yontoo 1.10.02 (Version: 1.10.02)
 
========================= Devices: ================================
 
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 27%
Total physical RAM: 8189.55 MB
Available physical RAM: 5901.28 MB
Total Pagefile: 16377.29 MB
Available Pagefile: 14031.01 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.07 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:232.88 GB) (Free:14.97 GB) NTFS
3 Drive d: (GW2_DVD2) (CDROM) (Total:5.73 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\A-PC
 
A                        Administrator            Guest                    
 
 
**** End of log ****
 
Results of Security Check
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 10.1.8 Adobe Reader out of Date!
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
 
Results of Autoruns
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "11/26/2013 3:21 AM"
+ "NvBackend" "NVIDIA GeForce Experience Backend" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvbackend.exe" "12/9/2013 8:07 PM"
+ "Nvtmru" "NVIDIA NvTmru Application" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia update core\nvtmru.exe" "11/8/2013 1:21 AM"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe" "8/26/2011 4:00 AM"
+ "ShadowPlay" "NVIDIA Capture Server Proxy" "NVIDIA Corporation" "c:\windows\system32\nvspcap64.dll" "12/9/2013 8:01 PM"
+ "Skytel" "Realtek Voice  Manager" "Realtek Semiconductor Corp." "c:\program files\realtek\audio\hda\skytel.exe" "11/24/2008 12:15 AM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/22/2013 2:47 PM"
+ "20131121" "" "" "File not found: C:\Program Files\AVAST Software\Avast\setup\emupdate\82823d6c-afc2-46c3-b00d-216cc0a33187.exe /check" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "4/4/2013 3:05 PM"
+ "LogMeIn Hamachi Ui" "Hamachi Client Application" "LogMeIn Inc." "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" "11/29/2013 9:07 AM"
+ "PWRISOVM.EXE" "PowerISO Virtual Drive Manager" "Power Software Ltd" "c:\program files (x86)\poweriso\pwrisovm.exe" "10/23/2013 7:52 AM"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Oracle Corporation" "c:\program files (x86)\common files\java\java update\jusched.exe" "7/2/2013 10:16 AM"
+ "vProt" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\vprot.exe" ""
+ "WinampAgent" "Winamp Agent" "Nullsoft, Inc." "c:\program files (x86)\winamp\winampa.exe" "6/28/2012 9:40 AM"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "6/11/2013 7:36 PM"
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe" "5/21/2009 11:12 PM"
+ "NETGEAR WNA3100 Genie.lnk" "Netgear" "" "c:\program files (x86)\netgear\wna3100\wna3100.exe" "12/1/2011 5:18 AM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "1/6/2010 10:18 PM"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/13/2009 5:58 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "12/18/2013 9:30 PM"
+ "Internet Explorer" "" "" "File not found: C:\Windows\system32\ie4uinit.exe" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "7/13/2009 5:42 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/12/2013 7:14 AM"
+ "C3" "C3" "Vivox" "c:\program files (x86)\vivox\c3\c3.exe" "6/25/2013 9:29 AM"
+ "Clownfish" "Clownfish for Skype" "Bogdan Sharkov" "c:\program files (x86)\clownfish\clownfish.exe" "11/15/2013 7:29 AM"
+ "DW6" "" "" "File not found: C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\a\appdata\local\google\update\googleupdate.exe" "2/15/2012 8:43 PM"
+ "msnmsgr" "" "" "File not found: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" ""
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe" "11/14/2013 10:33 AM"
+ "Steam" "Steam Client Bootstrapper (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)" "Valve Corporation" "c:\program files (x86)\steam\steam.exe" "12/11/2013 12:59 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 10:53 PM"
+ "ANotepad++64" "ShellHandler for Notepad++ (64 bit)" "" "c:\program files (x86)\notepad++\nppshell_05.dll" "6/18/2012 9:24 AM"
+ "PowerISO" "PowerISOShell DLL" "Power Software Ltd" "c:\program files (x86)\poweriso\pwrisosh.dll" "10/23/2013 8:07 AM"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "6/9/2012 7:20 AM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 10:53 PM"
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll" "4/11/2011 12:13 AM"
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll" "6/9/2012 7:20 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 10:53 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 2:39 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "8/5/2012 9:45 PM"
+ "PowerISO" "PowerISOShell DLL" "Power Software Ltd" "c:\program files (x86)\poweriso\pwrisosh.dll" "10/23/2013 8:07 AM"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "8/5/2012 9:45 PM"
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll" "4/11/2011 12:13 AM"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "8/5/2012 9:45 PM"
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll" "4/11/2011 12:13 AM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 10:53 PM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "7/13/2009 7:32 PM"
+ "NvCplDesktopContext" "NVIDIA Display Shell Extension" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll" "11/11/2013 8:44 AM"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 10:53 PM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll" "7/13/2009 7:09 PM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "6/16/2012 8:41 AM"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "" "File not found: C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll" ""
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "6/16/2012 8:41 AM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "9/3/2013 6:24 AM"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Apache Software Foundation" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll" "4/13/2012 4:04 AM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "6/16/2012 8:41 AM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 2:39 PM"
+ "PowerISO" "PowerISOShell DLL" "Power Software Ltd" "c:\program files (x86)\poweriso\pwrisosh.dll" "10/23/2013 8:07 AM"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "6/9/2012 7:20 AM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "6/16/2012 8:41 AM"
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll" "6/9/2012 7:20 AM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "6/16/2012 8:41 AM"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "6/9/2012 7:20 AM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "6/16/2012 8:41 AM"
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll" "6/9/2012 7:20 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "12/7/2013 8:19 PM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll" "5/4/2012 3:10 PM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll" "5/4/2012 3:11 PM"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll" "3/28/2011 10:12 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "12/22/2013 3:02 PM"
+ "HP Print Enhancer" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll" "5/19/2009 10:23 PM"
+ "HP Smart BHO Class" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll" "5/19/2009 10:23 PM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll" "10/8/2013 8:43 AM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll" "10/8/2013 8:43 AM"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll" "3/28/2011 9:32 PM"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll" "3/8/2012 8:13 PM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "12/18/2013 9:30 PM"
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll" "3/8/2012 8:13 PM"
+ "Messenger Companion (Ctrl+Shift+C)" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll" "3/8/2012 8:13 PM"
+ "Show or hide HP Smart Web Printing" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll" "5/19/2009 10:23 PM"
"Task Scheduler" "" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.9 r900" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "12/1/2013 12:09 PM"
+ "\Adobe online update program" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "4/4/2013 3:05 PM"
+ "\avast! Emergency Update" "" "" "File not found: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe" ""
+ "\AVG-Secure-Search-Update_JUNE2013_HP_rmv" "" "" "File not found: C:\Windows\TEMP\{7739FD58-67BF-4A02-BDAE-AB3EBF00B296}.exe" ""
+ "\AVG-Secure-Search-Update_JUNE2013_TB_rmv" "" "" "File not found: C:\Windows\TEMP\{48EDC87F-A735-445E-8CB1-AE9F8743C29A}.exe" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "11/21/2013 9:55 PM"
+ "\Google Updater and Installer" "Google Installer" "Google Inc." "c:\users\a\appdata\local\google\update\googleupdate.exe" "2/15/2012 8:43 PM"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "2/15/2012 8:43 PM"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "2/15/2012 8:43 PM"
+ "\GoogleUpdateTaskUserS-1-5-21-1094168904-4271760461-690734051-1000Core" "Google Installer" "Google Inc." "c:\users\a\appdata\local\google\update\googleupdate.exe" "2/15/2012 8:43 PM"
+ "\GoogleUpdateTaskUserS-1-5-21-1094168904-4271760461-690734051-1000UA" "Google Installer" "Google Inc." "c:\users\a\appdata\local\google\update\googleupdate.exe" "2/15/2012 8:43 PM"
+ "\HP online update program" "hpwuSchd Application" "Hewlett-Packard" "c:\program files (x86)\hp\hp software update\hpwuschd2.exe" "5/8/2007 3:24 PM"
+ "\Java Update Scheduler" "Java™ Update Scheduler" "Oracle Corporation" "c:\program files (x86)\common files\java\java update\jusched.exe" "7/2/2013 10:16 AM"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll" "3/8/2012 8:13 PM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "6/10/2009 2:36 PM"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/13/2009 6:24 PM"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe" "11/20/2010 4:24 AM"
+ "\{6276C6B3-9F21-4D52-90D9-E8918EA5AAE4}" "" "" "File not found: C:\Program Files (x86)\Xfire\Xfire.exe" ""
+ "\{E9CA3D33-F8EB-4EC4-B850-AFD8E01B02CC}" "" "" "File not found: C:\Program Files (x86)\Xfire\Xfire.exe" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "7/27/2013 6:35 PM"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "4/4/2013 3:05 PM"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "12/1/2013 12:09 PM"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe" "4/19/2011 8:04 PM"
+ "FreemakeVideoCapture" "CaptureLibService" "Ellora Assets Corp." "c:\program files (x86)\freemake\capturelib\capturelibservice.exe" "7/27/2013 12:54 AM"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files (x86)\windows live\family safety\fsssvc.exe" "3/8/2012 8:21 PM"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "2/15/2012 8:43 PM"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "2/15/2012 8:43 PM"
+ "Hamachi2Svc" "Hamachi Client Tunneling Engine" "LogMeIn Inc." "c:\program files (x86)\logmein hamachi\hamachi-2.exe" "11/29/2013 9:14 AM"
+ "HiPatchService" "HiPatchService" "Hi-Rez Studios" "c:\program files (x86)\hi-rez studios\hipatchservice.exe" "8/13/2013 1:32 PM"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll" "5/21/2009 7:21 PM"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll" "5/21/2009 11:02 PM"
+ "LMIGuardianSvc" "Support LogMeIn processes with quality assurance feedback" "LogMeIn, Inc." "c:\program files (x86)\logmein hamachi\lmiguardiansvc.exe" "10/11/2013 4:38 AM"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe" "2/28/2013 2:38 PM"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe" "2/28/2013 2:38 PM"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll" "12/3/2008 8:35 AM"
+ "NvNetworkService" "NVIDIA Network Service" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe" "12/6/2013 9:09 AM"
+ "NvStreamSvc" "Service for SHIELD Streaming" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe" "12/9/2013 8:19 AM"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe" "11/11/2013 8:44 AM"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll" "12/3/2008 8:35 AM"
+ "PnkBstrA" "PunkBuster Service Component [v1036] http://www.evenbalance.com" "" "c:\windows\syswow64\pnkbstra.exe" "12/19/2011 2:53 PM"
+ "rpcapd" "Allows to capture traffic on this machine from a remote machine." "" "File not found: C:\Program Files (x86)\WinPcap\rpcapd.exe -d -f C:\Program Files (x86)\WinPcap\rpcapd.ini" ""
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "9/5/2013 3:31 AM"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe" "12/11/2013 12:57 PM"
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe" "11/11/2013 8:35 AM"
+ "TeamViewer8" "TeamViewer Remote Software" "TeamViewer GmbH" "c:\program files (x86)\teamviewer\version8\teamviewer_service.exe" "10/1/2013 6:13 AM"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "5/26/2013 11:51 PM"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe" "3/28/2011 10:11 PM"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "11/20/2010 5:18 AM"
+ "WSWNA3100" "Wifi Service" "" "c:\program files (x86)\netgear\wna3100\wifisvc.exe" "12/7/2011 3:54 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "7/27/2013 6:35 PM"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "12/5/2008 5:54 PM"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "5/1/2007 11:30 AM"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "2/27/2007 6:04 PM"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "7/13/2009 5:19 PM"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys" "4/19/2011 7:53 PM"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys" "4/19/2011 7:22 PM"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "3/18/2010 6:45 PM"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "3/20/2009 12:36 PM"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "3/19/2010 10:18 AM"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "5/24/2007 3:27 PM"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "1/14/2009 1:27 PM"
+ "Avgdiska" "AVG File Vault Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgdiska.sys" "11/5/2013 2:55 PM"
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx64.sys" "8/29/2013 1:25 AM"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "2/13/2009 4:18 PM"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "4/26/2009 5:14 AM"
+ "BCMH43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwlhigh664.sys" "4/19/2011 1:13 AM"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "8/6/2006 7:51 PM"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "8/6/2006 7:51 PM"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "8/6/2006 7:51 PM"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "8/6/2006 7:51 PM"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "8/6/2006 7:51 PM"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "8/9/2006 6:11 AM"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "7/13/2009 5:19 PM"
+ "EagleX64" "" "" "File not found: C:\Windows\system32\drivers\EagleX64.sys" ""
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "12/31/2008 10:29 AM"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "2/3/2009 4:52 PM"
+ "gdrv" "" "" "File not found: C:\Windows\gdrv.sys" ""
+ "hamachi" "Hamachi Virtual Network Interface Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\hamachi.sys" "2/19/2009 4:36 AM"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "5/11/2009 2:26 AM"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "4/20/2010 12:32 PM"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "6/10/2010 6:46 PM"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "12/13/2005 3:47 PM"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "8/30/2011 3:24 AM"
+ "Linksys_adapter_H" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\ae2500w764.sys" "3/28/2011 6:22 PM"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "12/9/2008 4:46 PM"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "5/18/2009 6:20 PM"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "5/18/2009 6:31 PM"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "4/16/2009 4:13 PM"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys" "2/28/2013 2:33 PM"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "5/18/2009 7:09 PM"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "5/18/2009 7:25 PM"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "6/6/2006 3:11 PM"
+ "npf" "npf.sys (NT5/6 AMD64) Kernel Driver" "CACE Technologies, Inc." "c:\windows\system32\drivers\npf.sys" "6/25/2010 10:50 AM"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 331.82 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys" "11/11/2013 7:24 AM"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "3/19/2010 2:59 PM"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "3/19/2010 2:45 PM"
+ "nvvad_WaveExtensible" "NVIDIA Virtual Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvvad64v.sys" "12/4/2013 5:10 PM"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "1/22/2009 5:05 PM"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "5/18/2009 7:18 PM"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 64-bit Driver                " "Realtek Corporation                                            " "c:\windows\system32\drivers\rt64win7.sys" "2/26/2009 3:04 AM"
+ "SCDEmu" "PowerISO Virtual Drive" "Power Software Ltd" "c:\windows\system32\drivers\scdemu.sys" "10/23/2013 8:10 AM"
+ "SCMNdisP" "General NDIS Protocol Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\scmndisp.sys" "5/27/2011 4:30 AM"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 7:18 AM"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/24/2008 12:28 PM"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/1/2008 3:56 PM"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "2/17/2009 5:03 PM"
+ "Synth3dVsc" "" "" "File not found: System32\drivers\synth3dvsc.sys" ""
+ "tsusbhub" "@%SystemRoot%\system32\drivers\tsusbhub.sys,-2" "" "File not found: system32\drivers\tsusbhub.sys" ""
+ "VGPU" "" "" "File not found: System32\drivers\rdvgkmd.sys" ""
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "7/13/2009 5:19 PM"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "1/30/2009 7:18 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "12/7/2013 8:18 PM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/13/2009 7:28 PM"
+ "VIDC.FPS1" "Fraps" "Beepa P/L" "c:\windows\system32\frapsv64.dll" "5/28/2011 6:26 AM"
+ "VIDC.XFR1" "Xfire Video Codec" "" "c:\windows\system32\xfcodec64.dll" "7/25/2012 4:47 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "12/22/2013 2:47 PM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "7/13/2009 7:06 PM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "11/20/2010 5:59 AM"
+ "VIDC.FPS1" "Fraps" "Beepa P/L" "c:\windows\syswow64\frapsvid.dll" "5/28/2011 6:26 AM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/13/2009 10:53 PM"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "3/8/2012 8:32 PM"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "3/8/2012 8:32 PM"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "3/8/2012 8:32 PM"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "3/8/2012 8:32 PM"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "3/8/2012 8:32 PM"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "3/8/2012 8:32 PM"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "3/8/2012 8:32 PM"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "3/8/2012 8:32 PM"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" "" "12/22/2013 2:47 PM"
+ " /sync /restart" "" "" "File not found: /sync" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "7/13/2009 10:53 PM"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll" "3/28/2011 10:12 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "6/16/2012 7:29 PM"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "3/28/2011 9:31 PM"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "3/28/2011 9:31 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "6/16/2012 7:29 PM"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "3/28/2011 10:10 PM"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "3/28/2011 10:10 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "12/22/2013 2:48 PM"
+ "hpf3l083.dll" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l083.dll" "10/6/2008 4:09 AM"
 
Results of Malwarebytes
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.22.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
A :: A-PC [administrator]
 
Protection: Enabled
 
12/22/2013 3:05:37 PM
mbam-log-2013-12-22 (15-05-37).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236727
Time elapsed: 4 minute(s), 16 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Results of Adware Cleaner
# AdwCleaner v3.015 - Report created 22/12/2013 at 15:13:54
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : A - A-PC
# Running from : C:\Users\A\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\xfirexo
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\A\AppDAtA\LocAl\apn
Folder Deleted : C:\Users\A\AppDAtA\LocAl\AVG Secure Search
Folder Deleted : C:\Users\A\AppDAtA\LocAl\Conduit
Folder Deleted : C:\Users\A\AppDAtA\LocAl\GigglingGamesSA
Folder Deleted : C:\Users\A\AppDAtA\LocAlLow\AVG Secure Search
Folder Deleted : C:\Users\A\AppDAtA\LocAlLow\Conduit
Folder Deleted : C:\Users\A\AppDAtA\LocAlLow\PriceGong
Folder Deleted : C:\Users\A\AppDAtA\LocAlLow\searchresultstb
Folder Deleted : C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
File Deleted : C:\END
File Deleted : C:\Users\A\AppDAtA\LocAl\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_audacity_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_audacity_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\SearchquSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\75467yzd.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [9074 octets] - [22/12/2013 15:11:52]
AdwCleaner[S0].txt - [8852 octets] - [22/12/2013 15:13:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8912 octets] ##########
 
Results of JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by A on Sun 12/22/2013 at 15:19:58.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MaskMyIP_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MaskMyIP_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MaskMyIP_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MaskMyIP_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8AAC081-75F2-442D-915F-C41A2A566C2A}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\A\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\A\appdata\local\shopping sidekick"
Successfully deleted: [Folder] "C:\Users\A\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{007C3258-AC90-4788-9499-E30A60C8B764}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{0582A51D-FAD4-4300-A3CF-DECB12EDD039}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{09740BEC-BB6B-41A8-BDDB-B644D8D8DAC1}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{0A7C2FAC-F1D5-418B-ACAE-CC5723BAC111}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{0BBDE7BD-1A34-4091-AEAF-6F80A693E708}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{1CEE672D-C7BF-40C5-BE1D-5C8C11480411}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{1E442EA6-4E7B-43BF-BD3C-15FFAEE42FB5}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{2945F123-92F2-4A99-B3F5-0B85843903E5}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{34A4DF17-6F33-4175-BA8A-E30539A41B6D}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{34E57C87-B69A-455F-B275-AA9B3BC5D426}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{40AAB8AE-4F20-428C-9D5E-25A1D76FB8A7}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{4F45BAF1-7F17-49B4-B84E-D358A8BF03BF}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{50925DC9-C1C3-4C5F-80CF-8FB4080AD807}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{537DFB29-9F8F-49C5-BF6E-19342191D859}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{5BB6F68D-C596-4961-BA50-C9877CEB3DB6}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{5DEA333C-1962-48CF-9765-C4C44B276AE1}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{6557E97C-A8EE-4CFD-B132-8366834F4736}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{65C6E54A-E664-4505-AEBA-5E9AD341F3EE}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{6923B6D2-0C23-473A-B748-E0168862BC2C}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{6E3601D6-C4CD-4B1C-8102-423330B6ACAD}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{709A5178-D809-4797-AC3B-42F0563CBB30}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{717F831A-625E-499B-B06E-838AC85E9393}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{7A169A4E-36F7-4789-B0D7-A6ED73CA3E4B}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{806CD252-F5CF-470D-B1CE-A7B89D209C61}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{895A33A6-148E-472D-A529-26BB6738C9EB}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{8EFC2B7C-0104-4AE3-B26C-29296E05C8E8}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{97A8B553-68A6-48AE-81A1-52251ED222D4}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{A41D267A-4456-4B31-94CD-E0BA5EEBF3B6}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{A9A09931-3D85-47A9-BE52-E770EA6F945F}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{AE8B6E91-2F85-4C44-89BE-02F60A9FC672}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{B805B9EB-0AEB-4060-B4F4-58923145652A}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{B9F5DF76-86CA-48FF-8806-3F74B03F9725}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{C88E3AF1-E5B0-4984-BC04-63237D130679}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{CC17C15F-0298-4695-9075-F89305A78AB0}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{D34887C2-E962-4DEE-AF09-920009C17F8F}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{E4E8A187-73BE-455D-8F3F-349C28F12800}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{EA3E3084-F16A-4ADA-AF4E-ACA79B78DAAC}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{EA68B1D6-199E-40C8-BCFB-968BB65D7ABE}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{EC55697A-0F04-48B9-A62E-C968094DA546}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{ECCC81BA-B252-4CE1-A412-3DA72C51DD92}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{EE96908D-E717-499A-BED7-B24C8567D758}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{F242D859-718E-4B7E-8828-54ECA282ACF8}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{F2447922-1F5B-4358-AEF2-BD43B63FBE8C}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{F93F6137-A190-4C16-97CD-CB6D4BF5697F}
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/22/2013 at 15:26:28.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:50 PM

Posted 22 December 2013 - 06:25 PM

Un-related to your current issue but you are having dns time outs.

Open your device manager and un install your wireless driver make sure and do not tick the box that says delete driver reboot the machine. ( windows will re-install on reboot)

 

You can find the best dns server for your machine with this tool. ( NameBench)

 

 

http://code.google.com/p/namebench/downloads/detail?name=namebench-1.3.1-Windows.exe Direct Download.

 

Then once the tool has ran and displayed the best dns for your machine then apply the settings.

http://www.computerhope.com/issues/ch001161.htm

 

Then Open an Elevated Command Prompt.

http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

 

Then Copy and paste the content of the code box one at a time hitting enter after each.

 

ipconfig /flushdns
ipconfig /registerdns

 

 

Then Disable Ipv6

http://go.microsoft.com/?linkid=9728869 (MS Fixit)

 

Disable the tunnel Adapters.

 

http://go.microsoft.com/?linkid=9728872

 

Run the TCP Optimizer.

SAve it to your desktop.

Right Click Run As Admin.

Bottom Right HAnd Corner Select  Optimal

Apply ok ok then reboot.

http://www.speedguide.net/files/TCPOptimizer.exe

 

Empty your Temp Files.

http://www.bleepingcomputer.com/download/tfc/dl/92/

 

 

 

 

 

 

Please download FarbarServiceScanner and run it on the computer with the issue.


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

___________________-

 

Download tdss killer

http://support.kaspersky.com/downloads/utils/tdsskiller.exe


Right Click it Run As Admin xp users double click . Click on Change parameters Select TDLFS file system

Hit the Scan button Post the LOG In your next reply

Do not change the default options on scan results

 

___________________________________________-
 

 

Download, & save & then run the MS Safety scanner
Run a Full Scan
http://www.microsoft.com/security/scanner/en-us/default.aspx
Post. the result.

The safety scanner log should be called msert.txt
It should be located in the same folder as where you had msert.exe
If not there, then look for it under c:\windows

 

 

 

____________________________________________-

 

Run a scan with Eset. You will need to disable your antivirus during this scan.
http://www.eset.com/us/online-scanner/
Make sure remove found threats and scan archives is checked.
When the scan finish list found threats save to clipboard copy to notepad Post the log here.


Tell me how the machine is running now.



#5 The Sodist

The Sodist
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 23 December 2013 - 03:43 PM

FSS Results

Farbar Service Scanner Version: 05-12-2013

Ran by A (administrator) on 22-12-2013 at 20:23:08
Running from "C:\Users\A\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
TDSS Killer Results
It didn't give me a log, but it said I was clean.
 
MS Safety Scanner Results
Couldn't find the log after 30 minutes. It said I was clean.
 
Eset Results
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir Win32/Adware.Yontoo.B application
 
My computer is running perfect as of right now, and I don't expect to have any more problems with this virus. If I have any I will post back here, but I don't anticipate having any. Thanks for all your help  :hug:


#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:50 PM

Posted 23 December 2013 - 04:52 PM

Ok I think we are done here if you are satisfied. :guitar:

 

 

 

As a last couple step you could run this to disable un-needed start ups.

 

https://www.malwarebytes.org/startuplite/

 

 

And to be safe on the web use this.

 

https://www.mywot.com/

 

 

Might also be a good idea to empty the temp files on that machine as well.

http://www.bleepingcomputer.com/download/tfc/

 

 

 

 

Now that we are done we need to clean up the disinfection tools we used along the way.
Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)

Put a check mark next the items below:

 

 

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset System Settings
  • Activate UAC

Now click on "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users