Windows Firewall And Defender Won't Turn On



#1 quietandmellow


Posted 19 March 2013 - 07:25 PM

Mod Edit:Moved from Vista to Am I Infected ~~ boopme

 

I have the issue that I cannot turn on Windows Firewall or Defender. When I try to turn on the firewall I get the error "Due to an unidentified problem, Windows cannot display Windows Firewall settings". When I try to start Windows Defender I get the error "Windows Defender encountered an error: 0x80070424. The specified service does not exist as an installed service."

 

Does anyone know if this is a problem with the computer or possibly a virus?


Edited by boopme, 19 March 2013 - 08:06 PM.
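
The code 0x80070424 quoted in the post above is Win32 error 1060 (service does not exist) wrapped as an HRESULT, so a first check is whether the service entries are still registered on the machine. The read-only PowerShell below is an added example, not part of the original thread; the short service names WinDefend, MpsSvc and BFE do not appear in the thread and are supplied here as the usual names for Windows Defender, Windows Firewall and the Base Filtering Engine the firewall depends on.

```powershell
# Added example (not from the thread): report whether the services behind the
# two errors are registered, enabled, and have their dependencies present.
# 0x80070424 -> low 16 bits 0x0424 = 1060 = ERROR_SERVICE_DOES_NOT_EXIST.
# Assumed service short names: WinDefend (Defender), MpsSvc (Firewall), BFE.
$ServiceNames = 'WinDefend', 'MpsSvc', 'BFE'
$StartTypes   = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-ServiceRegistration {
    param([string[]]$Name)

    foreach ($n in $Name) {
        $keyPath = "$ServicesRoot\$n"
        $key     = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
        $scm     = Get-Service -Name $n -ErrorAction SilentlyContinue

        # svchost-hosted services keep the real binary in Parameters\ServiceDll
        $params  = Get-ItemProperty -Path "$keyPath\Parameters" -ErrorAction SilentlyContinue
        $dll     = if ($params) { $params.ServiceDll } else { $null }

        # A dependency whose own key is gone makes the start fail with error 1075
        $missingDeps = @()
        if ($key -and $key.DependOnService) {
            foreach ($dep in $key.DependOnService) {
                if (-not (Test-Path "$ServicesRoot\$dep")) { $missingDeps += $dep }
            }
        }

        $start = if ($key) { $StartTypes[[int]$key.Start] } else { $null }

        if (-not $key -and -not $scm) {
            $verdict = 'NOT REGISTERED (consistent with error 1060)'
        } elseif ($key -and -not $scm) {
            $verdict = 'Registry key present but not known to the service manager'
        } elseif ($start -eq 'Disabled') {
            $verdict = 'Registered but disabled'
        } elseif ($missingDeps.Count -gt 0) {
            $verdict = 'Registered, dependency missing: ' + ($missingDeps -join ', ')
        } else {
            $verdict = 'Registered'
        }

        New-Object PSObject -Property @{
            Service    = $n
            Status     = if ($scm) { $scm.Status } else { $null }
            StartType  = $start
            ImagePath  = if ($key) { $key.ImagePath } else { $null }
            ServiceDll = $dll
            Verdict    = $verdict
        } | Select-Object Service, Status, StartType, ImagePath, ServiceDll, Verdict
    }
}

Get-ServiceRegistration -Name $ServiceNames | Format-List
```

A service reported as not registered means its key under `Services` has been deleted, which is a finding to record alongside the scan logs before anything is restored.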




#2 narenxp


Posted 19 March 2013 - 07:26 PM

    

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue



  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.


  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results


 



#3 quietandmellow


Posted 19 March 2013 - 08:41 PM

Here is the aswMBR log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-19 19:33:53
-----------------------------
19:33:53.865    OS Version: Windows 6.0.6002 Service Pack 2
19:33:53.865    Number of processors: 2 586 0x170A
19:33:53.865    ComputerName: MYCOMPUTER-PC  UserName: HOME
19:33:55.005    Initialize success
19:37:14.030    AVAST engine defs: 13031901
19:37:42.201    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:37:42.217    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
19:37:42.357    Disk 0 MBR read successfully
19:37:42.373    Disk 0 MBR scan
19:37:42.373    Disk 0 Windows VISTA default MBR code
19:37:42.389    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
19:37:42.420    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       296325 MB offset 3074048
19:37:42.477    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         7419 MB offset 609947648
19:37:42.547    Disk 0 scanning sectors +625141760
19:37:42.647    Disk 0 scanning C:\Windows\system32\drivers
19:38:12.136    Service scanning
19:38:12.586    Service .cdrom \* **LOCKED** 123
19:38:34.970    Service MpKsl2e2fe7cc c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AC29177-A305-4E4B-A678-F77D9B97D2F9}\MpKsl2e2fe7cc.sys **LOCKED** 32
19:39:05.846    Modules scanning
19:39:15.616    Disk 0 trace - called modules:
19:39:15.647    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:39:15.647    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86989418]
19:39:15.663    3 CLASSPNP.SYS[8a10d8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85610028]
19:39:17.223    AVAST engine scan C:\Windows
19:39:28.939    AVAST engine scan C:\Windows\system32
19:51:37.033    AVAST engine scan C:\Windows\system32\drivers
19:52:49.889    AVAST engine scan C:\Users\HOME
20:14:28.499    AVAST engine scan C:\ProgramData
20:24:16.430    Scan finished successfully
20:26:41.099    Disk 0 MBR has been saved successfully to "C:\Users\HOME\Desktop\MBR.dat"
20:26:41.219    The log file has been saved successfully to "C:\Users\HOME\Desktop\aswMBR.txt"

 

The ESET Online Scanner stated 'No threats found'.



#4 narenxp


Posted 19 March 2013 - 08:47 PM

TDSSkiller log? Please post the last few lines of log alone

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#5 quietandmellow


Posted 19 March 2013 - 08:49 PM

19:31:59.0344 3908  ============================================================
19:31:59.0344 3908  Scan finished
19:31:59.0344 3908  ============================================================
19:31:59.0354 3980  Detected object count: 0
19:31:59.0354 3980  Actual detected object count: 0
19:32:46.0269 4776  Deinitialize success



#6 quietandmellow


Posted 19 March 2013 - 09:13 PM

Malwarebytes Log:

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.20.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
HOME :: HOME-PC [administrator]

3/19/2013 8:51:28 PM
mbam-log-2013-03-19 (20-51-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203344
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Minitoolbar Log:

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by HOME (administrator) on 19-03-2013 at 20:55:11
Running from "C:\Users\HOME\Downloads\Computer Protection"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : MYCOMPUTER-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1E-33-D0-60-66
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 00-24-D2-BE-8F-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd1a:7c36:a38f:0:cd94:f329:8187:409(Preferred)
   Temporary IPv6 Address. . . . . . : fd1a:7c36:a38f:0:4460:82ce:c9e5:2c2d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::cd94:f329:8187:409%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.119(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 19, 2013 7:01:42 PM
   Lease Expires . . . . . . . . . . : Wednesday, March 20, 2013 7:01:41 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 285222098
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-DD-70-8A-00-1E-33-CE-6D-31
   DNS Servers . . . . . . . . . . . : 208.180.42.68
                                       208.180.42.100
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{8E0C4269-787D-4060-94E6-623603807EFF}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  rdns01.suddenlink.net
Address:  208.180.42.68

Name:    google.com
Addresses:  2607:f8b0:4000:801::1002
      74.125.225.233
      74.125.225.238
      74.125.225.224
      74.125.225.225
      74.125.225.226
      74.125.225.227
      74.125.225.228
      74.125.225.229
      74.125.225.230
      74.125.225.231
      74.125.225.232



Pinging google.com [74.125.227.129] with 32 bytes of data:

Reply from 74.125.227.129: bytes=32 time=79ms TTL=49

Reply from 74.125.227.129: bytes=32 time=129ms TTL=49



Ping statistics for 74.125.227.129:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 79ms, Maximum = 129ms, Average = 104ms

Server:  rdns01.suddenlink.net
Address:  208.180.42.68

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=251ms TTL=45

Reply from 206.190.36.45: bytes=32 time=215ms TTL=45



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 215ms, Maximum = 251ms, Average = 233ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 10 ...00 1e 33 d0 60 66 ...... Realtek PCIe FE Family Controller
 11 ...00 24 d2 be 8f e1 ...... Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
  1 ........................... Software Loopback Interface 1
 13 ...00 00 00 00 00 00 00 e0  isatap.{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 14 ...00 00 00 00 00 00 00 e0  isatap.{8E0C4269-787D-4060-94E6-623603807EFF}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.119     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.119    286
    192.168.1.119  255.255.255.255         On-link     192.168.1.119    286
    192.168.1.255  255.255.255.255         On-link     192.168.1.119    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.119    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.119    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11     38 fd1a:7c36:a38f::/64      On-link
 11    286 fd1a:7c36:a38f:0:4460:82ce:c9e5:2c2d/128
                                    On-link
 11    286 fd1a:7c36:a38f:0:cd94:f329:8187:409/128
                                    On-link
 11    286 fe80::/64                On-link
 11    286 fe80::cd94:f329:8187:409/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/19/2013 08:34:13 PM) (Source: Application Error) (User: )
Description: Faulting application WksWP.exe, version 9.7.613.0, time stamp 0x466fad27, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x1644, application start time 0xWksWP.exe0.

Error: (03/19/2013 07:01:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1844494

Error: (03/19/2013 07:01:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1844494

Error: (03/19/2013 07:01:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/19/2013 02:30:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59683284

Error: (03/19/2013 02:30:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59683284

Error: (03/19/2013 02:30:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/18/2013 09:42:19 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_180.exe, version 11.6.602.180, time stamp 0x51301434, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x6b164618,
process id 0xa68, application start time 0xFlashPlayerPlugin_11_6_602_180.exe0.


System errors:
=============
Error: (03/18/2013 09:28:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.145.2105.0){FC7E8195-F230-4EEA-B22F-E94A69B3D89D}201

Error: (03/18/2013 09:24:27 PM) (Source: Microsoft Antimalware) (User: )
Description: %HOME-PC60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %HOME-PC51

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %HOME-PC602

    Update Type: %HOME-PC604

    User: HOME-PC\HOME

    Current Engine Version: %HOME-PC605

    Previous Engine Version: %HOME-PC606

    Error code: %HOME-PC607

    Error description: %HOME-PC608

Error: (03/18/2013 09:24:27 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Network InspectionMicrosoft Network Inspection System%%1075

Error: (03/18/2013 09:24:27 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Network Inspection SystemBFE

Error: (03/18/2013 09:24:27 PM) (Source: Microsoft Antimalware) (User: )
Description: %HOME-PC60 has encountered an error trying to update the engine.

    New Engine Version:

    Previous Engine Version:

    Engine Type: %HOME-PC604

    User: HOME-PC\HOME

    Error Code: %HOME-PC601

    Error description: %HOME-PC602

Error: (03/18/2013 09:24:27 PM) (Source: Microsoft Antimalware) (User: )
Description: %HOME-PC60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version:

    Update Source: %HOME-PC15

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %HOME-PC602

    Update Type: %HOME-PC604

    User: HOME-PC\HOME

    Current Engine Version: %HOME-PC605

    Previous Engine Version: %HOME-PC606

    Error code: %HOME-PC607

    Error description: %HOME-PC608

Error: (03/18/2013 09:22:48 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.145.2105.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/18/2013 09:22:44 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

    New Engine Version:

    Previous Engine Version:

    Engine Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Error Code: %NT AUTHORITY601

    Error description: %NT AUTHORITY602

Error: (03/18/2013 09:22:44 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Network InspectionMicrosoft Network Inspection System%%1075

Error: (03/18/2013 09:22:43 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version:

    Update Source: %NT AUTHORITY15

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-03-19 20:53:45.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 20:53:45.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 20:53:45.540
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 20:53:45.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 20:53:45.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 20:53:45.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 20:53:35.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 20:53:35.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 20:53:35.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 20:53:35.098
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
Adobe AIR (Version: 3.6.0.6090)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Any Video Converter 3.5.7
Any Video Converter 5 5.0.4
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2109)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 2013.0.2904)
AVG Security Toolbar (Version: 14.2.0.1)
Bonjour (Version: 3.0.0.10)
Camera Assistant Software for Toshiba (Version: 1.7.254.0330L)
CCleaner (Version: 3.28)
CD/DVD Drive Acoustic Silencer (Version: 2.02.03)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
DIRECTV Player (Version: 4.00)
DVD MovieFactory for TOSHIBA (Version: 5.51)
ESET Online Scanner v3
Feedback Tool (Version: 1.1.0)
Free Audio CD Burner version 1.4
Free FLAC to MP3 Converter 1.0
GIMP 2.8.4 (Version: 2.8.4)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Hoyle Board Games 2003 (Version: 1.0.0.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.7.0.21)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
LochJournal 2.2
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Media Player Codec Pack 4.2.5 (Version: 4.2.5)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.20.8730.4)
Move Media Player
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
PC Care Center (Version: 1.4.0.0)
Picasa 3 (Version: 3.9)
QuickTime (Version: 7.73.80.64)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 15.0.6)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5599)
REALTEK RTL8187B Wireless LAN Driver (Version: Package:1.00.0026 Driver:6.1116.1226.2007)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20130)
Realtek WiFi Protected Setup Library (Version: 1.00.0026)
RealUpgrade 1.1 (Version: 1.1.0)
Seagate Dashboard (Version: 1.1.0.1421)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
Tenda Wireless LAN Card (Version: 1.5.6.0)
TOSHIBA Assist (Version: 2.01.08)
TOSHIBA ConfigFree (Version: 7.2.20)
TOSHIBA Desktop Links (Version: 1.7)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA DVD PLAYER (Version: 1.31.14)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 2.0.2.32)
TOSHIBA Hardware Setup (Version: 2.00.08)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.2)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Service Station (Version: 1.1.14)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.04)
TOSHIBA Value Added Package (Version: 1.1.24)
TweetDeck (Version: 0.38.2)
TweetDeck (Version: 1.4.0)
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Wiki Cleaner
WildTangent Games (Version: 1.0.0.62)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3369)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
Xvid Video Codec (Version: 1.3.2)
Yahoo! Messenger
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 2939.25 MB
Available physical RAM: 1322.61 MB
Total Pagefile: 6092.8 MB
Available Pagefile: 4086.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.25 MB

========================= Partitions: =====================================

1 Drive c: (SQ004980V02) (Fixed) (Total:289.38 GB) (Free:209.14 GB) NTFS
3 Drive f: (HP USB FD) (Removable) (Total:7.52 GB) (Free:5.18 GB) FAT32
4 Drive g: (HOME'S) (Removable) (Total:148.79 GB) (Free:132.04 GB) FAT32

========================= Users: ========================================

User accounts for \\HOME-PC

Administrator            Guest                    HOME                


**** End of log ****
 



#7 quietandmellow

  • Topic Starter

Posted 19 March 2013 - 09:14 PM

Farbar Service Scanner Log:

 

Farbar Service Scanner Version: 03-03-2013
Ran by HOME (administrator) on 19-03-2013 at 20:59:59
Running from "C:\Users\HOME\Downloads\Computer Protection"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-11 16:33] - [2010-06-16 11:39] - 0912776 ____A (Microsoft Corporation) 6A10AFCE0B38371064BE41C1FBFD3C6B

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 

AdwCleaner Log:

 

# AdwCleaner v2.115 - Logfile created 03/19/2013 at 21:06:12
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : HOME - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\HOME\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : \END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\HOME\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\HOME\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\HOME\AppData\Local\PackageAware
Folder Deleted : C:\Users\HOME\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\HOME\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\etnx3ti7.default\Conduit
Folder Deleted : C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\etnx3ti7.default\ConduitEngine

***** [Registry] *****

Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32CF4F61-D134-4FA8-96A5-4C6432F42BA4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{626185F9-C97D-4391-8753-7451EE2E1B97}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\etnx3ti7.default\prefs.js

Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3281675_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"738[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\HOME\\AppData\\Roaming\\Mozill[...]
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8994 octets] - [19/03/2013 21:06:12]

########## EOF - C:\AdwCleaner[S1].txt - [9054 octets] ##########
 



#8 quietandmellow

  • Topic Starter

Posted 19 March 2013 - 09:21 PM

Junkware Removal Tool Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by HOME on Tue 03/19/2013 at 21:16:03.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/19/2013 at 21:19:30.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 quietandmellow

  • Topic Starter

Posted 19 March 2013 - 09:23 PM

RKill Log:

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/19/2013 09:22:25 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\HOME\Downloads\TopPad.exe (PID: 2676) [UP-HEUR]
 * C:\Users\HOME\Downloads\TopPad.exe (PID: 2564) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/19/2013 09:22:38 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)



#10 quietandmellow

  • Topic Starter

Posted 19 March 2013 - 09:27 PM

Autoruns log:

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""
+ "rdpclip"    ""    ""    "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "00TCrdMain"    "TOSHIBA Flash Cards"    "TOSHIBA Corporation"    "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon"    "Apple Push"    "Apple Inc."    "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_UI"    "AVG User Interface"    "AVG Technologies CZ, s.r.o."    "c:\program files\avg\avg2013\avgui.exe"
+ "Camera Assistant Software"    "traybar"    "Chicony"    "c:\program files\camera assistant software for toshiba\traybar.exe"
+ "cfFncEnabler.exe"    "cfFncEnabler"    "Toshiba Corporation"    "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
+ "Google Desktop Search"    "Google Desktop"    "Google"    "c:\program files\google\google desktop search\googledesktop.exe"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"
+ "IAAnotif"    "Event Monitor User Notification Tool"    "Intel Corporation"    "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
+ "IgfxTray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper"    "iTunesHelper"    "Apple Inc."    "c:\program files\itunes\ituneshelper.exe"
+ "MSC"    "Microsoft Security Client User Interface"    "Microsoft Corporation"    "c:\program files\microsoft security client\msseces.exe"
+ "NDSTray.exe"    "ConfigFree™ Task tray menu"    "TOSHIBA CORPORATION"    "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
+ "Persistence"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task"    "QuickTime Task"    "Apple Inc."    "c:\program files\quicktime\qttask.exe"
+ "RtHDVCpl"    "HD Audio Control Panel"    "Realtek Semiconductor"    "c:\windows\rthdvcpl.exe"
+ "Seagate Dashboard"    "Memeo Dashboard Launcher"    ""    "c:\program files\seagate\seagate dashboard\memeolauncher.exe"
+ "Skytel"    "Realtek Voice  Manager"    "Realtek Semiconductor Corp."    "c:\windows\skytel.exe"
+ "SmoothView"    "SmoothView"    "TOSHIBA Corporation"    "c:\program files\toshiba\smoothview\smoothview.exe"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files\common files\java\java update\jusched.exe"
+ "SynTPEnh"    "Synaptics TouchPad Enhancements"    "Synaptics, Inc."    "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TkBellExe"    "RealNetworks Scheduler"    "RealNetworks, Inc."    "c:\program files\real\realplayer\update\realsched.exe"
+ "ToshibaServiceStation"    "TOSHIBA Service Station"    "TOSHIBA Corporation"    "c:\program files\toshiba\toshiba service station\tss.exe"
+ "TPwrMain"    "TOSHIBA Power Saver"    "TOSHIBA Corporation"    "c:\program files\toshiba\power saver\tpwrmain.exe"
+ "vProt"    ""    ""    "File not found: C:\Program Files\AVG Secure Search\vprot.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "Tenda Wireless Utility.lnk"    ""    ""    "c:\program files\tenda\common\raui.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows Mail 7"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Messenger (Yahoo!)"    "Yahoo! Messenger"    "Yahoo! Inc."    "c:\program files\yahoo!\messenger\yahoomessenger.exe"
+ "PCShowServer"    "PC Show power management wrapper"    "NDS Technologies"    "c:\users\HOME\appdata\local\directv player\pcshowserverpmwrapper.exe"
+ "swg"    "GoogleToolbarNotifier"    "Google Inc."    "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "TOSCDSPD"    "CD/DVD Drive Acoustic Silencer"    "TOSHIBA"    "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""
+ "ms-help"    "Microsoft® Help Data Services Module"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss"    "Microsoft® InfoTech Storage System Library"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper"    "Google Toolbar"    "Google Inc."    "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\ssv.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer"    "RealPlayer Download and Record Plugin"    "RealPlayer"    "c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "SingleInstance Class"    "Yahoo! Single Instance for Mail"    "Yahoo! Inc"    "c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "Google Toolbar"    "Google Toolbar"    "Google Inc."    "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "S&end to OneNote"    "Microsoft Office OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office12\onbttnie.dll"
"Task Scheduler"    ""    ""    ""
+ "\Apple\AppleSoftwareUpdate"    "Apple Software Update"    "Apple Inc."    "c:\program files\apple software update\softwareupdate.exe"
+ "\CCleanerSkipUAC"    "CCleaner"    "Piriform Ltd"    "c:\program files\ccleaner\ccleaner.exe"
+ "\GoogleUpdateTaskMachineCore"    "Google Installer"    "Google Inc."    "c:\program files\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA"    "Google Installer"    "Google Inc."    "c:\program files\google\update\googleupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows\WindowsCalendar\Reminders - HOME"    "Windows Calendar"    "Microsoft Corporation"    "c:\program files\windows calendar\wincal.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo"    ""    ""    "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo"    ""    ""    "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\RealPlayerRealUpgradeLogonTaskS-1-5-21-1934651463-4168729035-3063580607-1000"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files\real\realupgrade\realupgrade.exe"
+ "\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1934651463-4168729035-3063580607-1000"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files\real\realupgrade\realupgrade.exe"
+ "\RealUpgradeLogonTaskS-1-5-21-1934651463-4168729035-3063580607-1000"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files\real\realupgrade\realupgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-1934651463-4168729035-3063580607-1000"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files\real\realupgrade\realupgrade.exe"
+ "\{4F681051-321A-4386-B004-170FEEEC40E2}"    ""    ""    "File not found: C:\Program Files\Skype\Phone\Skype.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AgereModemAudio"    "Agere Soft Modem Call Progress Service"    "Agere Systems"    "c:\windows\system32\agrsmsvc.exe"
+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVG Security Toolbar Service"    "AVG Security Toolbar"    ""    "c:\program files\avg\avg10\toolbar\toolbarbroker.exe"
+ "avgwd"    "AVG Watchdog Service"    "AVG Technologies CZ, s.r.o."    "c:\program files\avg\avg2013\avgwdsvc.exe"
+ "Bonjour Service"    "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence."    "Apple Inc."    "c:\program files\bonjour\mdnsresponder.exe"
+ "ConfigFree Service"    "You can't stop this service, if you want to keep ConfigFree functionality fine."    "TOSHIBA CORPORATION"    "c:\program files\toshiba\configfree\cfsvcs.exe"
+ "GameConsoleService"    "GameConsole management services"    "WildTangent, Inc."    "c:\program files\toshiba games\toshiba game console\gameconsoleservice.exe"
+ "GoogleDesktopManager-051210-111108"    "Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly."    "Google"    "c:\program files\google\google desktop search\googledesktop.exe"
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files\google\update\googleupdate.exe"
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files\google\update\googleupdate.exe"
+ "gusvc"    "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work."    "Google"    "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IAANTMON"    "RAID Monitor"    "Intel Corporation"    "c:\program files\intel\intel matrix storage manager\iaantmon.exe"
+ "IDriverT"    "Provides support for the Running Object Table for InstallShield Drivers"    "Macrovision Corporation"    "c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "iPod Service"    "iPod hardware management services"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc"    "Helps protect users from malware and other potentially unwanted software"    "Microsoft Corporation"    "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv"    "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"    "Microsoft Corporation"    "c:\program files\microsoft security client\nissrv.exe"
+ "odserv"    "Run portions of Microsoft Office Diagnostics."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "RalinkRegistryWriter"    "RalinkRegistryWriter"    "Ralink Technology, Corp."    "c:\program files\tenda\common\raregistry.exe"
+ "SeagateDashboardService"    "Dashboard for Memeo applications"    "Memeo"    "c:\program files\seagate\seagate dashboard\seagatedashboardservice.exe"
+ "SmartFaceVWatchSrv"    "Service for SmartFaceV"    "Toshiba"    "c:\program files\toshiba\smartfacev\smartfacevwatchsrv.exe"
+ "TMachInfo"    "TOSHIBA Machine Information Service"    "TOSHIBA Corporation"    "c:\program files\toshiba\toshiba service station\tmachinfo.exe"
+ "TNaviSrv"    "TOSHIBA Navi Support Service"    "TOSHIBA Corporation"    "c:\program files\toshiba\toshiba dvd player\tnavisrv.exe"
+ "TODDSrv"    "TDCSrv Application"    "TOSHIBA Corporation"    "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv"    "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped."    "TOSHIBA Corporation"    "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA SMART Log Service"    "TosIPCSrv.exe"    "TOSHIBA Corporation"    "c:\program files\toshiba\smartlogservice\tosipcsrv.exe"
+ "UleadBurningHelper"    "ULCDRSvr"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe"
+ "vToolbarUpdater14.2.0"    "ToolbarU Application"    ""    "c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\toolbarupdater.exe"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ ".cdrom"    ""    ""    "File not found: \*"
+ "AgereSoftModem"    "SoftModem Device Driver"    "Agere Systems"    "c:\windows\system32\drivers\agrsm.sys"
+ "AVGIDSHX"    "AVG Technologies IDS Application Activity Monitor Helper Driver"    "AVG Technologies CZ, s.r.o. "    "c:\windows\system32\drivers\avgidshx.sys"
+ "Avglogx"    "AVG Logging Driver"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avglogx.sys"
+ "Avgtdix"    "AVG Network connection watcher"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avgtdix.sys"
+ "avgtp"    ""    "AVG Technologies"    "c:\windows\system32\drivers\avgtpx86.sys"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"
+ "E1G60"    "Intel® PRO/1000 Adapter NDIS 6 deserialized driver"    "Intel Corporation"    "c:\windows\system32\drivers\e1g60i32.sys"
+ "FwLnk"    "TOSHIBA Firmware Linkage 32-bit Driver"    "TOSHIBA Corporation"    "c:\windows\system32\drivers\fwlnk.sys"
+ "GEARAspiWDM"    "CD DVD Filter"    "GEAR Software Inc."    "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "iaStor"    "Intel Matrix Storage Manager driver - ia32"    "Intel Corporation"    "c:\windows\system32\drivers\iastor.sys"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd32.sys"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhda.sys"
+ "IO_Memory"    ""    ""    "File not found: C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys"
+ "IpInIp"    "IP in IP Tunnel Driver"    ""    "File not found: system32\DRIVERS\ipinip.sys"
+ "netr28u"    "Ralink 802.11n Wireless Adapter Driver"    "Ralink Technology Corp."    "c:\windows\system32\drivers\netr28u.sys"
+ "NwlnkFlt"    "IPX Traffic Filter Driver"    ""    "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd"    "IPX Traffic Forwarder Driver"    ""    "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "PxHelp20"    "Px Engine Device Driver for Windows 2000/XP"    "Sonic Solutions"    "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTL8169"    "Realtek 8136/8168/8169 NDIS6 32-bit Driver                    "    "Realtek                                            "    "c:\windows\system32\drivers\rtlh86.sys"
+ "RTL8187B"    "Realtek RTL8187B NDIS Driver"    "Realtek Semiconductor Corporation                           "    "c:\windows\system32\drivers\rtl8187b.sys"
+ "RtlProt"    "Realtek Utility I/O Driver"    "Windows ® Codename Longhorn DDK provider"    "c:\windows\system32\drivers\rtlprot.sys"
+ "RTSTOR"    "Realtek USB Mass Storage Driver for Vista"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtstor.sys"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
+ "SVRPEDRV"    "Inventec Preinstall Environment Service"    "Inventec Corporation"    "c:\windows\system32\sysprep\pedrv.sys"
+ "SynTP"    "Synaptics Touchpad Driver"    "Synaptics, Inc."    "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst"    "TOSHIBA ODD Writing Driver for x86."    "TOSHIBA Corporation."    "c:\windows\system32\drivers\tdcmdpst.sys"
+ "tos_sps32"    "tos_sps2"    "TOSHIBA Corporation"    "c:\windows\system32\drivers\tos_sps32.sys"
+ "TVALZ"    "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver"    "TOSHIBA Corporation"    "c:\windows\system32\drivers\tvalz_o.sys"
+ "USBAAPL"    "Apple Mobile Device USB Driver"    "Apple, Inc."    "c:\windows\system32\drivers\usbaapl.sys"
+ "UVCFTR"    "UVCFTR_S.sys"    "Chicony Electronics Co., Ltd."    "c:\windows\system32\drivers\uvcftr_s.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.ac3filter"    "ac3filter"    ""    "c:\windows\system32\ac3filter.acm"
+ "msacm.divxa32"    "DivX;-) Audio Codec"    "Packed With Joy !"    "c:\windows\system32\divxa32.acm"
+ "msacm.dvacm"    "Ulead DV Audio ACM Driver"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\vio\dvacm.acm"
+ "msacm.l3acm"    "MPEG Audio Layer-3 Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codecp.acm"
+ "msacm.lameacm"    "Lame MP3 codec engine"    "http://www.mp3dev.org/"    "c:\windows\system32\lameacm.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\system32\iccvid.dll"
+ "vidc.ffds"    "ffdshow VFW"    ""    "c:\windows\system32\ff_vfw.dll"
+ "vidc.lags"    "Lagarith"    " "    "c:\windows\system32\lagarith.dll"
+ "vidc.x264"    "x264vfw - H.264/MPEG-4 AVC codec"    "x264vfw project"    "c:\windows\system32\x264vfw.dll"
+ "vidc.XVID"    ""    ""    "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "9x8Resize"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "9x8Resize"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "AAC Encoder"    "AACEnc"    "InterVider"    "c:\program files\intervideo\common\bin\aacenc.ax"
+ "AC3Filter"    "ac3filter"    ""    "c:\windows\system32\ac3filter.ax"
+ "Allocator Fix"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "Audio Source"    "Windows Media Preview Object"    "Microsoft Corporation"    "c:\program files\windows media components\encoder\wmprevu.dll"
+ "Bitmap"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "Bitmap"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "DC-Bass Source Mod"    "BASS based DirectShow™ Audio Decoder"    "http://www.dsp-worx.de"    "c:\windows\system32\dcbasssourcemod.ax"
+ "Dib Output"    ""    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\filters\diboutput.ax"
+ "Dib Receive"    ""    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\filters\dibreceive.ax"
+ "DirectVobSub"    "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"    "MPC-HC Team"    "c:\windows\system32\vsfilter.dll"
+ "DirectVobSub (auto-loading version)"    "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"    "MPC-HC Team"    "c:\windows\system32\vsfilter.dll"
+ "DV ACM V/A Source Filter"    ""    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "DV V/A Source Filter"    ""    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "DV Video Source Filter"    ""    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "ffdshow Audio Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\windows\system32\ffdshow.ax"
+ "ffdshow Audio Processor"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\windows\system32\ffdshow.ax"
+ "ffdshow DXVA Video Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\windows\system32\ffdshow.ax"
+ "ffdshow raw video filter"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\windows\system32\ffdshow.ax"
+ "ffdshow subtitles filter"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\windows\system32\ffdshow.ax"
+ "ffdshow Video Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\windows\system32\ffdshow.ax"
+ "Frame Eater"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "Haali Matroska Muxer"    "Haali Media Splitter"    ""    "c:\windows\system32\splitter.ax"
+ "Haali Media Splitter"    "Haali Media Splitter"    ""    "c:\windows\system32\splitter.ax"
+ "Haali Media Splitter (AR)"    "Haali Media Splitter"    ""    "c:\windows\system32\splitter.ax"
+ "Haali Simple Media Splitter"    "Haali Media Splitter"    ""    "c:\windows\system32\splitter.ax"
+ "Haali Video Renderer"    ""    ""    "c:\windows\system32\dxr.dll"
+ "Haali Video Sink"    "Haali Media Splitter"    ""    "c:\windows\system32\splitter.ax"
+ "Intervideo 3gFileSource"    "Intervideo 3G File Source Filter"    "Microsoft Corporation"    "c:\program files\intervideo\common\bin\source3g.ax"
+ "Intervideo 3gFileWrite"    "Intervideo 3G File Write Filter"    "Microsoft Corporation"    "c:\program files\intervideo\common\bin\write3g.ax"
+ "InterVideo AAC (XForm) Decoder"    "InterVideo AAC Decoder"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\iviaacdec.ax"
+ "Intervideo AMR Decoder"    "IVI AMR Decoding"    "Intervideo, Inc."    "c:\program files\intervideo\common\bin\amrdec.ax"
+ "Intervideo AMR Encoder"    "IVI AMR Encoding"    "Intervideo, Inc."    "c:\program files\intervideo\common\bin\amrenc.ax"
+ "InterVideo Audio Encoder"    "InterVideo?Audio Encoder Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\iviaenc.ax"
+ "InterVideo Demux"    "InterVideo® MPEG System Demultiplexer Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\ividemxx.ax"
+ "InterVideo Down Scale Filter"    "InterVideo® Down Scale Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\ividowns.ax"
+ "InterVideo DV Pre-Process"    "InterVideo DV Pre-Process Filter"    "InterVideo"    "c:\program files\intervideo\common\bin\dvprocs.ax"
+ "InterVideo DVB DSM-CC Filter"    "InterVideo DVB DSM-CC Decoder"    "InterVideo, Inc."    "c:\program files\intervideo\common\bin\dvbdsmcc.ax"
+ "InterVideo DVB Subpicture Filter"    "InterVideo DVB Subtitle Decoder"    "InterVideo, Inc."    "c:\program files\intervideo\common\bin\dvbspic.ax"
+ "InterVideo File Writer"    "InterVideo® File Writer Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\iviwrite.ax"
+ "InterVideo MPEG4 Video Decoder"    "InterVideo® MPEG4 Video Decoder Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\mp4vdec.ax"
+ "InterVideo MPEG4 Video Encoder"    "InterVideo® MPEG4 Video Encoder Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\mp4venc.ax"
+ "InterVideo Multiplexer"    "InterVideo® MPEG System Multiplexer Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\ivimux.ax"
+ "InterVideo Navigator"    "IVINAV LOGID.35321"    "InterVideo Inc."    "c:\windows\system32\ivinav.ax"
+ "InterVideo Pre-scaling Filter"    "InterVideo® PreScale Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\iviscale.ax"
+ "InterVideo PSIP/SI Filter"    "InterVideo PSIP/SI Sections/Tables Filter"    "InterVideo, Inc."    "c:\program files\intervideo\common\bin\psidecod.ax"
+ "InterVideo Still Capture"    "InterVideo® Still Capture Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\iviscapt.ax"
+ "InterVideo Stream Buffer Filter"    "InterVideo Stream Buffer Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\smbuffer.ax"
+ "InterVideo Stream Writer"    "InterVideo© Stream File Writer"    "InterVideo, Inc."    "c:\program files\intervideo\common\bin\stmrite.ax"
+ "InterVideo Time Shift"    "InterVideo Time Shifting Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\ivits.ax"
+ "InterVideo Transport to Program Stream"    "InterVideo© Transport to Program Stream Converter"    "InterVideo, Inc."    "c:\program files\intervideo\common\bin\trtoprog.ax"
+ "InterVideo VBI Decoder"    "InterVideo VBI Decoder Filter"    "InterVideo, Inc."    "c:\program files\intervideo\common\bin\ivvbidec.ax"
+ "InterVideo Video Decoder"    "IVIVIDEO LOGID.36709"    " InterVideo Inc."    "c:\windows\system32\ivivideo.ax"
+ "InterVideo Video Encoder"    "InterVideo® MPEG Video Encoder Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\ivivenc.ax"
+ "LAV Audio Decoder"    "LAV Audio Decoder - DirectShow Audio Decoder"    "1f0.de - Hendrik Leppkes"    "c:\windows\system32\lavaudio.ax"
+ "LAV Splitter"    "LAV Splitter - DirectShow Media Splitter"    "1f0.de - Hendrik Leppkes"    "c:\windows\system32\lavsplitter.ax"
+ "LAV Splitter Source"    "LAV Splitter - DirectShow Media Splitter"    "1f0.de - Hendrik Leppkes"    "c:\windows\system32\lavsplitter.ax"
+ "LAV Video Decoder"    "LAV Video Decoder - DirectShow Video Decoder"    "1f0.de - Hendrik Leppkes"    "c:\windows\system32\lavvideo.ax"
+ "MPC CDXA Reader"    "CDXA Reader Filter"    "MPC-HC Team"    "c:\windows\system32\cdxareader.ax"
+ "MPC FLV Source"    "FLV Splitter"    "MPC-HC Team"    "c:\windows\system32\flvsplitter.ax"
+ "MPC FLV Splitter"    "FLV Splitter"    "MPC-HC Team"    "c:\windows\system32\flvsplitter.ax"
+ "MPEG2 TS Source"    ""    ""    "c:\program files\intervideo\common\bin\mpgtsrdr.ax"
+ "Multiple File Output"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "RealPlayer Audio Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Mp3 Transform Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer MPEG4 Transform Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "Record Queue"    "WME Record Queue"    "Microsoft Corporation"    "c:\program files\windows media components\encoder\wmedque.dll"
+ "Record Queue"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "SFVCaptureFilter"    "SmartFaceVCapt"    ""    "c:\windows\system32\smartfacevcapt.dll"
+ "ShotDetect"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "ShotDetect"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "TOSHIBA Audio Decoder DVD"    "TOSHIBA Audio Decoder DVD"    "TOSHIBA Corporation"    "c:\program files\toshiba\toshiba dvd player\tosauddecl.ax"
+ "TOSHIBA Audio Rate Converter"    "TOSHIBA Audio Rate Converter"    "TOSHIBA Corporation"    "c:\program files\common files\toshiba shared\tosarc.ax"
+ "TOSHIBA DualMono"    "TOSHIBA DualMono"    "TOSHIBA Corporation"    "c:\program files\common files\toshiba shared\tosdualmono.ax"
+ "TOSHIBA DVD Navigator"    "TOSHIBA DVD Navigator"    "TOSHIBA Corporation"    "c:\program files\toshiba\toshiba dvd player\tdvdnavi.ax"
+ "TOSHIBA DVD VR Navigator"    "TOSHIBA DVD Player"    "TOSHIBA Corporation"    "c:\program files\toshiba\toshiba dvd player\tvrnavi.ax"
+ "TOSHIBA MPEG-2 Video Decoder (DVD)"    "TOSHIBA DVD Video Decoder Filter"    "TOSHIBA Corporation"    "c:\program files\toshiba\toshiba dvd player\tosmp2dvd.ax"
+ "TOSHIBA Progress Monitor"    "TOSHIBA Progress Monitor"    "TOSHIBA Corporation"    "c:\program files\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter"    "TOSHIBA Wav Converter"    "TOSHIBA Corporation"    "c:\program files\toshiba\toshiba disc creator\twavconv.ax"
+ "Ulead Audio Dual Channel Filter"    "Ulead Audio Dual Channel Filter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\uaudiodcfilter.ax"
+ "Ulead DV Scene Detect"    "ulDvScDt"    "Ulead system Inc."    "c:\program files\common files\ulead systems\capture\uldvscdt.ax"
+ "Ulead DV Writer"    "ulDVWriter"    "Ulead System Inc."    "c:\program files\common files\ulead systems\capture\uldvrite.ax"
+ "Ulead DVB Parser"    "Ulead DVB Parser Filter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\uldvbparser.ax"
+ "Ulead DVD Audio Decoder 2"    "Audio Decoder"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead DVD Navigator"    "DVD Navigator filter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\dvd\uleaddvdnavigator.ax"
+ "Ulead DVD Video decoder 2"    "DVD Video Decoder with DxVA Support"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\uldvdvideo.ax"
+ "ULead File Source (Async.)"    "Ulead Async Filter"    "Ulead Systems"    "c:\program files\common files\ulead systems\mpeg\ulasync.ax"
+ "ULead File Writer"    "File Dump Filter"    "ULead Systems"    "c:\program files\common files\ulead systems\filters\uldump.ax"
+ "ULead Infinite Pin Tee"    "Ulead Infinite Tee Filter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\uinftee.ax"
+ "Ulead MPEG Audio Decoder"    "Audio Decoder"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead MPEG Encoder"    "MPEG Encoder and Muxer"    "ULead Systems"    "c:\program files\common files\ulead systems\mpeg\ulesmpeg.ax"
+ "Ulead MPEG Muxer"    "MPEG Muxer"    "ULead Systems"    "c:\program files\common files\ulead systems\mpeg\ulmxmpeg.ax"
+ "Ulead MPEG Splitter"    "ULead Mpeg I/II Splitter"    "ULead Systems"    "c:\program files\common files\ulead systems\mpeg\ulspmpeg.ax"
+ "Ulead MPEG Transcoder"    "ulMPGTrans"    "Ulead com"    "c:\program files\common files\ulead systems\mpeg\ulmpgtrans.ax"
+ "Ulead MPEG Video Decoder"    "MPEG Video and Audio Decoder"    "ULead Systems"    "c:\program files\common files\ulead systems\mpeg\uldsmpeg.ax"
+ "Ulead MPEG-4 Audio Decoder"    "MP4 AAC Audio Decoder Filter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\uladmp4.ax"
+ "Ulead MPEG-4 Splitter"    "MP4 Splitter Filter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\ulspmp4.ax"
+ "Ulead MPEG-4 Video Decoder"    "MP4 Video Decoder Filter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\ulvdmp4.ax"
+ "Ulead Ogg Parser"    "ulOggParserFilter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\uloggparserfilter.ax"
+ "Ulead OggVorbis Decoder"    "ulOggVorbisDecoderFilter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\uloggvorbisdecoderfilter.ax"
+ "Ulead OggVorbis Encoder"    "ulOggVorbisEncoderFilter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\uloggvorbisencoderfilter.ax"
+ "Ulead Push Source Filter"    "Ulead Push Source Filter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\ulpushsource.ax"
+ "Ulead Sub-Picture Push Source Filter"    "Ulead Sub-Picture Push Source Filter"    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\mpeg\ulsubpicpushsource.ax"
+ "Ulead Video Deinterlace Filter"    ""    "Ulead Systems, Inc."    "c:\program files\common files\ulead systems\filters\deinterlace.ax"
+ "Video Source"    "Windows Media Preview Object"    "Microsoft Corporation"    "c:\program files\windows media components\encoder\wmprevu.dll"
+ "WM VIH2 Fix"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WM VIH2 Fix"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMEnc Screen Capture Filter"    "WMESrcWp Module"    "Microsoft Corporation"    "c:\program files\windows media components\encoder\wmesrcwp.dll"
+ "WMT Audio Analyzer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT Audio Analyzer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Mixer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT Black Frame Generator"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT DV Extract"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT DV Extract Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Format Conversion"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT FormatConversion"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT Interlacer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT Log Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT Log Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT MuxDeMux Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT Sample Info Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen Capture filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT Switch Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT Switch Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT Virtual Renderer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "WMT Volume"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker 2.6\wmm2filt.dll"
+ "Xvid MPEG-4 Video Decoder"    ""    ""    "c:\windows\system32\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls"    ""    ""    ""
+ "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"    "Google Desktop"    "Google"    "c:\program files\google\google desktop search\googledesktopnetwork3.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"    ""    ""    ""
+ "{B65F237C-AAFF-4df7-8872-91B65663E41F}"    ""    ""    "c:\windows\system32\smartfacevcp.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""
+ "igfxcui"    "igfxdev Module"    "Intel Corporation"    "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"
"C:\Users\HOME\AppData\Local\Microsoft\Windows Sidebar\Settings.ini"    ""    ""    ""
+ "Clock"    "Watch the clock in your own time zone or any city in the world."    "Microsoft Corporation"    "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines"    "Track the latest news, sports, and entertainment headlines."    "Microsoft Corporation"    "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Slide Show"    "Show a continuous slide show of your pictures."    "Microsoft Corporation"    "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"



#11 narenxp


Posted 19 March 2013 - 09:28 PM

.


Edited by narenxp, 20 March 2013 - 10:50 PM.


#12 quietandmellow


Posted 20 March 2013 - 06:57 PM

Farbar service scanner log:

 

Farbar Service Scanner Version: 03-03-2013
Ran by HOME (administrator) on 20-03-2013 at 18:54:42
Running from "C:\Users\HOME\Downloads\Computer Protection"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-11 16:33] - [2010-06-16 11:39] - 0912776 ____A (Microsoft Corporation) 6A10AFCE0B38371064BE41C1FBFD3C6B

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#13 narenxp


Posted 20 March 2013 - 10:52 PM

Boot into Safe Mode with Networking

Download Windefend.reg

Launch it and click YES, restart the PC
 
Remove temporary and junk files

Download Temp File Cleaner from HERE. Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in Safe Mode
 
Create a new restore point

Follow this guide to turn off and turn on your restore points

Windows XP

Vista & Windows 7

Windows 8

Turn off your System Restore - it deletes old infected restore points. Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall old versions of Java and Flash Player from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/ & http://www.adobe.com/support/flashplayer/downloads.html

Antivirus recommendations

Update your antivirus frequently. Two free antivirus that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

Best Practices for Safe Computing - Prevention of Malware Infection

Simple and easy ways to keep your computer safe and secure on the Internet


Safe surfing :)


Edited by narenxp, 20 March 2013 - 10:54 PM.
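
An added example, not part of the thread and not Farbar's code: a small Python triage of the Farbar Service Scanner log from post #12. It pulls out service values the scanner could not read, registry values listed under a "Disabled Policy" heading, and File Check entries listed without the "MD5 is legit" verdict. The function name `triage` and the parsing rules are assumptions inferred from the log layout shown on this page.

```python
import re

# Excerpt copied from the Farbar Service Scanner log in post #12, shortened.
SAMPLE_LOG = r"""
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-11 16:33] - [2010-06-16 11:39] - 0912776 ____A (Microsoft Corporation) 6A10AFCE0B38371064BE41C1FBFD3C6B

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
"""

def triage(log):
    """Hypothetical helper: collect the lines of an FSS log that need a human look."""
    findings = {"service": [], "policy": [], "unverified": []}
    section = key = None
    lines = log.splitlines()
    for i, line in enumerate(lines):
        line = line.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.endswith(":") and set(nxt) == {"="}:
            section, key = line[:-1], None  # "Title:" underlined with "=" opens a section
        elif m := re.search(r"Unable to retrieve (.+?) of (\w+)\.", line):
            findings["service"].append((m.group(2), m.group(1)))  # (service, missing value)
        elif line.startswith("[HKEY_"):
            key = line.strip("[]")  # registry key that the following values belong to
        elif key and (m := re.match(r'"(.+)"=(\w+):(\w+)$', line)):
            findings["policy"].append((key, m.group(1), m.group(3)))
        elif section == "File Check" and re.match(r"[A-Za-z]:\\", line) and "=>" not in line:
            findings["unverified"].append(line)  # path printed without a verdict
    return findings

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```

Running the same function on a log taken after the repair shows whether the WinDefend values are readable again and whether the policy value is still listed.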




