Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Funmoods just won't go away


  • Please log in to reply
19 replies to this topic

#1 Pdxgpz

Pdxgpz

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 13 October 2012 - 01:42 PM

I've been lurking on the forum, finding out how to get rid of the Funmoods I acquired.

I use both Chrome and and IE and both are infected. I have reset the tools in both browsers so the Funmoods is not the primary search, but

Chrome still has "Powered by Funmoods" in the lower left corner and the browser stops working

IE just isn't working well

I scanned with Malwarebytes and it found PUP.Funmoods in over 50 locations. I removed these, but the problems persist

SuperAntiSpyware finds 60-200 cookies each scan, even when I've barely used the computer

It appears I haven't purged the Funmoods, so how do I get it out?

Toshiba L875D-S7210, Win 7 home premium, Norton Internet Security (30 day trial that came with the computer))

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 AM

Posted 13 October 2012 - 02:16 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 Pdxgpz

Pdxgpz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 13 October 2012 - 08:23 PM

Eset scan results

C:\Backup_05-Oct-12\Todd\AppData\Local\Google\Chrome\User Data\Default\Default\aagddbdbggdcdidcdiggdgdjdedggeda\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Backup_05-Oct-12\Todd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JA7RF0LH\FunmoodsSetup[1] a variant of Win32/Toolbar.Funmoods application cleaned by deleting – quarantined


aswMBR scan

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 12:35:45
-----------------------------
12:35:45.318 OS Version: Windows x64 6.1.7601 Service Pack 1
12:35:45.318 Number of processors: 2 586 0x1001
12:35:45.319 ComputerName: WORK-PC UserName: Work
12:35:47.324 Initialize success
12:35:58.168 AVAST engine defs: 12101301
12:36:16.577 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:36:16.579 Disk 0 Vendor: Hitachi_HTS547564A9E384 JEDOA60B Size: 610480MB BusType: 11
12:36:16.621 Disk 0 MBR read successfully
12:36:16.624 Disk 0 MBR scan
12:36:16.629 Disk 0 Windows VISTA default MBR code
12:36:16.633 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:36:16.652 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595108 MB offset 3074048
12:36:16.684 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13871 MB offset 1221855232
12:36:16.791 Disk 0 scanning C:\windows\system32\drivers
12:36:32.702 Service scanning
12:37:11.070 Modules scanning
12:37:11.084 Disk 0 trace - called modules:
12:37:11.104 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:37:11.444 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800428a740]
12:37:11.454 3 CLASSPNP.SYS[fffff880018a043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80041ff680]
12:37:12.751 AVAST engine scan C:\windows
12:37:19.273 AVAST engine scan C:\windows\system32
12:41:16.742 AVAST engine scan C:\windows\system32\drivers
12:41:54.549 AVAST engine scan C:\Users\Work
12:54:45.518 AVAST engine scan C:\ProgramData
12:56:18.504 Scan finished successfully
13:01:08.143 Disk 0 MBR has been saved successfully to "C:\Users\Work\Documents\scans\MBR.dat"
13:01:08.148 The log file has been saved successfully to "C:\Users\Work\Documents\scans\aswMBR.txt"

TDSSKiller

12:34:52.0434 5020 RasAcd - ok
12:34:52.0478 5020 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
12:34:52.0481 5020 RasAgileVpn - ok
12:34:52.0506 5020 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
12:34:52.0511 5020 RasAuto - ok
12:34:52.0566 5020 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
12:34:52.0598 5020 Rasl2tp - ok
12:34:52.0640 5020 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
12:34:52.0657 5020 RasMan - ok
12:34:52.0690 5020 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
12:34:52.0692 5020 RasPppoe - ok
12:34:52.0699 5020 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
12:34:52.0701 5020 RasSstp - ok
12:34:52.0727 5020 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
12:34:52.0743 5020 rdbss - ok
12:34:52.0748 5020 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
12:34:52.0750 5020 rdpbus - ok
12:34:52.0770 5020 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
12:34:52.0771 5020 RDPCDD - ok
12:34:52.0785 5020 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
12:34:52.0786 5020 RDPENCDD - ok
12:34:52.0799 5020 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
12:34:52.0800 5020 RDPREFMP - ok
12:34:52.0819 5020 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
12:34:52.0839 5020 RDPWD - ok
12:34:52.0872 5020 [ A115F49BEA840A5F049BC6310F35F776 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
12:34:52.0875 5020 rdyboost - ok
12:34:52.0913 5020 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
12:34:52.0931 5020 RemoteAccess - ok
12:34:52.0967 5020 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
12:34:52.0986 5020 RemoteRegistry - ok
12:34:53.0020 5020 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
12:34:53.0023 5020 RpcEptMapper - ok
12:34:53.0048 5020 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
12:34:53.0066 5020 RpcLocator - ok
12:34:53.0118 5020 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
12:34:53.0127 5020 RpcSs - ok
12:34:53.0166 5020 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
12:34:53.0177 5020 rspndr - ok
12:34:53.0217 5020 [ BB1C3DF1D6CC0972E9C7268A19E62D2E ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
12:34:53.0223 5020 RSUSBSTOR - ok
12:34:53.0260 5020 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
12:34:53.0271 5020 RTL8167 - ok
12:34:53.0314 5020 [ F33E70E48A54A7A1BFBEEB4F3B273E4A ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
12:34:53.0343 5020 RTL8192Ce - ok
12:34:53.0365 5020 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
12:34:53.0366 5020 SamSs - ok
12:34:53.0415 5020 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:34:53.0417 5020 SASDIFSV - ok
12:34:53.0428 5020 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:34:53.0438 5020 SASKUTIL - ok
12:34:53.0457 5020 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
12:34:53.0461 5020 sbp2port - ok
12:34:53.0491 5020 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
12:34:53.0512 5020 SCardSvr - ok
12:34:53.0546 5020 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
12:34:53.0567 5020 scfilter - ok
12:34:53.0735 5020 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
12:34:53.0774 5020 Schedule - ok
12:34:53.0805 5020 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
12:34:53.0806 5020 SCPolicySvc - ok
12:34:53.0835 5020 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
12:34:53.0849 5020 SDRSVC - ok
12:34:53.0882 5020 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
12:34:53.0894 5020 secdrv - ok
12:34:53.0931 5020 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
12:34:53.0935 5020 seclogon - ok
12:34:53.0951 5020 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
12:34:53.0970 5020 SENS - ok
12:34:54.0011 5020 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
12:34:54.0021 5020 SensrSvc - ok
12:34:54.0038 5020 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
12:34:54.0040 5020 Serenum - ok
12:34:54.0080 5020 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
12:34:54.0084 5020 Serial - ok
12:34:54.0090 5020 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
12:34:54.0093 5020 sermouse - ok
12:34:54.0123 5020 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
12:34:54.0138 5020 SessionEnv - ok
12:34:54.0158 5020 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
12:34:54.0169 5020 sffdisk - ok
12:34:54.0184 5020 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
12:34:54.0185 5020 sffp_mmc - ok
12:34:54.0202 5020 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
12:34:54.0205 5020 sffp_sd - ok
12:34:54.0219 5020 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
12:34:54.0220 5020 sfloppy - ok
12:34:54.0271 5020 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
12:34:54.0292 5020 Sftfs - ok
12:34:54.0355 5020 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:34:54.0362 5020 sftlist - ok
12:34:54.0436 5020 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
12:34:54.0454 5020 Sftplay - ok
12:34:54.0473 5020 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
12:34:54.0497 5020 Sftredir - ok
12:34:54.0534 5020 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
12:34:54.0549 5020 Sftvol - ok
12:34:54.0595 5020 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:34:54.0596 5020 sftvsa - ok
12:34:54.0631 5020 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
12:34:54.0648 5020 SharedAccess - ok
12:34:54.0686 5020 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
12:34:54.0700 5020 ShellHWDetection - ok
12:34:54.0731 5020 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
12:34:54.0733 5020 SiSRaid2 - ok
12:34:54.0739 5020 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
12:34:54.0742 5020 SiSRaid4 - ok
12:34:54.0760 5020 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
12:34:54.0780 5020 Smb - ok
12:34:54.0812 5020 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
12:34:54.0824 5020 SNMPTRAP - ok
12:34:54.0858 5020 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
12:34:54.0860 5020 spldr - ok
12:34:54.0902 5020 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
12:34:54.0907 5020 Spooler - ok
12:34:55.0172 5020 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
12:34:55.0203 5020 sppsvc - ok
12:34:55.0211 5020 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
12:34:55.0223 5020 sppuinotify - ok
12:34:55.0307 5020 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$XACTWARE c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE
12:34:55.0331 5020 SQLAgent$XACTWARE - ok
12:34:55.0384 5020 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:34:55.0404 5020 SQLBrowser - ok
12:34:55.0478 5020 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:34:55.0481 5020 SQLWriter - ok
12:34:55.0554 5020 [ 1321A6C3C92BBD3F3BBE1292CFF8E91A ] SRTSP C:\windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS
12:34:55.0593 5020 SRTSP - ok
12:34:55.0614 5020 [ BD129C22C3B8C2E584227269DFA77B09 ] SRTSPX C:\windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS
12:34:55.0616 5020 SRTSPX - ok
12:34:55.0653 5020 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
12:34:55.0748 5020 srv - ok
12:34:55.0824 5020 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
12:34:55.0834 5020 srv2 - ok
12:34:55.0857 5020 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
12:34:55.0876 5020 srvnet - ok
12:34:55.0941 5020 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
12:34:55.0961 5020 SSDPSRV - ok
12:34:55.0980 5020 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
12:34:55.0983 5020 SstpSvc - ok
12:34:56.0000 5020 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
12:34:56.0002 5020 stexstor - ok
12:34:56.0057 5020 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
12:34:56.0067 5020 stisvc - ok
12:34:56.0108 5020 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
12:34:56.0127 5020 swenum - ok
12:34:56.0169 5020 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
12:34:56.0192 5020 swprv - ok
12:34:56.0230 5020 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS
12:34:56.0238 5020 SymDS - ok
12:34:56.0272 5020 [ FE29B18BF86FFCD55D8733C9B01E5042 ] SymEFA C:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS
12:34:56.0285 5020 SymEFA - ok
12:34:56.0321 5020 [ 36B77F5C9E21F88A8C8EC67AD5415819 ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
12:34:56.0333 5020 SymEvent - ok
12:34:56.0350 5020 [ DD70DA422460FDED831D211DF151D560 ] SymIRON C:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS
12:34:56.0353 5020 SymIRON - ok
12:34:56.0377 5020 [ BCE4EB2EEF05E388959B46FD21388C2D ] SymNetS C:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS
12:34:56.0382 5020 SymNetS - ok
12:34:56.0444 5020 [ B868E292FBA5B62B9FC71572A5FAEF5C ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
12:34:56.0468 5020 SynTP - ok
12:34:56.0525 5020 [ 7BE4CDEA6BC7832BFE3112A350D8B9EA ] SysMain C:\windows\system32\sysmain.dll
12:34:56.0537 5020 SysMain - ok
12:34:56.0576 5020 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
12:34:56.0588 5020 TabletInputService - ok
12:34:56.0711 5020 [ F38BE8B8E7A5B8816A857B0AD0EB8ABA ] taisregispinger C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe
12:34:56.0736 5020 taisregispinger - ok
12:34:56.0763 5020 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
12:34:56.0768 5020 TapiSrv - ok
12:34:56.0779 5020 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
12:34:56.0781 5020 TBS - ok
12:34:56.0847 5020 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
12:34:56.0915 5020 Tcpip - ok
12:34:56.0982 5020 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
12:34:56.0997 5020 TCPIP6 - ok
12:34:57.0025 5020 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
12:34:57.0026 5020 tcpipreg - ok
12:34:57.0085 5020 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
12:34:57.0111 5020 tdcmdpst - ok
12:34:57.0125 5020 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
12:34:57.0128 5020 TDPIPE - ok
12:34:57.0147 5020 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
12:34:57.0149 5020 TDTCP - ok
12:34:57.0170 5020 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
12:34:57.0173 5020 tdx - ok
12:34:57.0179 5020 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
12:34:57.0198 5020 TermDD - ok
12:34:57.0236 5020 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
12:34:57.0256 5020 TermService - ok
12:34:57.0282 5020 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
12:34:57.0296 5020 Themes - ok
12:34:57.0330 5020 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
12:34:57.0332 5020 THREADORDER - ok
12:34:57.0383 5020 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
12:34:57.0384 5020 TMachInfo - ok
12:34:57.0428 5020 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
12:34:57.0432 5020 TODDSrv - ok
12:34:57.0526 5020 [ A7EFE68D424A55FA84CCB6099D1D93C0 ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
12:34:57.0534 5020 TosCoSrv - ok
12:34:57.0632 5020 [ 97B57ED45C001E2AB3ABA68F7BA8555A ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
12:34:57.0636 5020 TOSHIBA eco Utility Service - ok
12:34:57.0705 5020 [ 17DB352FA977DAAABB6E61A4DED245D9 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
12:34:57.0707 5020 TOSHIBA HDD SSD Alert Service - ok
12:34:57.0768 5020 [ 36CDD894395BEC46EFB14F49D77D3D82 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
12:34:57.0778 5020 TPCHSrv - ok
12:34:57.0818 5020 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
12:34:57.0840 5020 TrkWks - ok
12:34:57.0902 5020 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
12:34:57.0924 5020 TrustedInstaller - ok
12:34:57.0954 5020 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
12:34:57.0965 5020 tssecsrv - ok
12:34:57.0999 5020 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
12:34:58.0032 5020 TsUsbFlt - ok
12:34:58.0058 5020 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
12:34:58.0060 5020 TsUsbGD - ok
12:34:58.0070 5020 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
12:34:58.0089 5020 tunnel - ok
12:34:58.0116 5020 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
12:34:58.0133 5020 TVALZ - ok
12:34:58.0165 5020 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
12:34:58.0180 5020 TVALZFL - ok
12:34:58.0214 5020 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
12:34:58.0216 5020 uagp35 - ok
12:34:58.0226 5020 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
12:34:58.0243 5020 udfs - ok
12:34:58.0280 5020 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
12:34:58.0283 5020 UI0Detect - ok
12:34:58.0312 5020 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
12:34:58.0314 5020 uliagpkx - ok
12:34:58.0345 5020 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
12:34:58.0363 5020 umbus - ok
12:34:58.0380 5020 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
12:34:58.0382 5020 UmPass - ok
12:34:58.0416 5020 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
12:34:58.0431 5020 upnphost - ok
12:34:58.0460 5020 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
12:34:58.0462 5020 usbccgp - ok
12:34:58.0481 5020 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
12:34:58.0486 5020 usbcir - ok
12:34:58.0496 5020 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
12:34:58.0507 5020 usbehci - ok
12:34:58.0545 5020 [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter C:\windows\system32\DRIVERS\usbfilter.sys
12:34:58.0551 5020 usbfilter - ok
12:34:58.0609 5020 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
12:34:58.0614 5020 usbhub - ok
12:34:58.0621 5020 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
12:34:58.0623 5020 usbohci - ok
12:34:58.0642 5020 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
12:34:58.0653 5020 usbprint - ok
12:34:58.0692 5020 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
12:34:58.0707 5020 usbscan - ok
12:34:58.0740 5020 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
12:34:58.0744 5020 USBSTOR - ok
12:34:58.0752 5020 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
12:34:58.0754 5020 usbuhci - ok
12:34:58.0771 5020 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
12:34:58.0774 5020 usbvideo - ok
12:34:58.0805 5020 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
12:34:58.0816 5020 UxSms - ok
12:34:58.0831 5020 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
12:34:58.0832 5020 VaultSvc - ok
12:34:58.0877 5020 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
12:34:58.0879 5020 vdrvroot - ok
12:34:58.0920 5020 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
12:34:58.0942 5020 vds - ok
12:34:58.0980 5020 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
12:34:58.0997 5020 vga - ok
12:34:59.0002 5020 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
12:34:59.0004 5020 VgaSave - ok
12:34:59.0018 5020 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
12:34:59.0022 5020 vhdmp - ok
12:34:59.0027 5020 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
12:34:59.0029 5020 viaide - ok
12:34:59.0073 5020 [ 3F63FA4A5D8A7C1B1A87E342569FBA53 ] VNUSB C:\windows\system32\Drivers\VNUSB.sys
12:34:59.0075 5020 VNUSB - ok
12:34:59.0100 5020 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
12:34:59.0102 5020 volmgr - ok
12:34:59.0110 5020 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
12:34:59.0122 5020 volmgrx - ok
12:34:59.0148 5020 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
12:34:59.0172 5020 volsnap - ok
12:34:59.0182 5020 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
12:34:59.0188 5020 vsmraid - ok
12:34:59.0249 5020 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
12:34:59.0304 5020 VSS - ok
12:34:59.0318 5020 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
12:34:59.0320 5020 vwifibus - ok
12:34:59.0347 5020 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
12:34:59.0349 5020 vwififlt - ok
12:34:59.0380 5020 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
12:34:59.0386 5020 W32Time - ok
12:34:59.0397 5020 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
12:34:59.0399 5020 WacomPen - ok
12:34:59.0437 5020 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
12:34:59.0439 5020 WANARP - ok
12:34:59.0443 5020 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
12:34:59.0444 5020 Wanarpv6 - ok
12:34:59.0515 5020 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
12:34:59.0560 5020 WatAdminSvc - ok
12:34:59.0716 5020 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
12:34:59.0777 5020 wbengine - ok
12:34:59.0790 5020 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
12:34:59.0794 5020 WbioSrvc - ok
12:34:59.0827 5020 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
12:34:59.0842 5020 wcncsvc - ok
12:34:59.0861 5020 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
12:34:59.0864 5020 WcsPlugInService - ok
12:34:59.0889 5020 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
12:34:59.0901 5020 Wd - ok
12:34:59.0933 5020 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
12:34:59.0956 5020 Wdf01000 - ok
12:34:59.0966 5020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
12:35:00.0070 5020 WdiServiceHost - ok
12:35:00.0076 5020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
12:35:00.0078 5020 WdiSystemHost - ok
12:35:00.0118 5020 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
12:35:00.0133 5020 WebClient - ok
12:35:00.0151 5020 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
12:35:00.0169 5020 Wecsvc - ok
12:35:00.0200 5020 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
12:35:00.0204 5020 wercplsupport - ok
12:35:00.0212 5020 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
12:35:00.0228 5020 WerSvc - ok
12:35:00.0275 5020 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
12:35:00.0277 5020 WfpLwf - ok
12:35:00.0285 5020 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
12:35:00.0289 5020 WIMMount - ok
12:35:00.0311 5020 WinDefend - ok
12:35:00.0319 5020 WinHttpAutoProxySvc - ok
12:35:00.0373 5020 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
12:35:00.0375 5020 Winmgmt - ok
12:35:00.0464 5020 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
12:35:00.0531 5020 WinRM - ok
12:35:00.0623 5020 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
12:35:00.0626 5020 WinUsb - ok
12:35:00.0671 5020 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
12:35:00.0700 5020 Wlansvc - ok
12:35:00.0760 5020 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:35:00.0774 5020 wlcrasvc - ok
12:35:00.0881 5020 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:35:00.0911 5020 wlidsvc - ok
12:35:00.0942 5020 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
12:35:00.0943 5020 WmiAcpi - ok
12:35:00.0978 5020 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
12:35:00.0981 5020 wmiApSrv - ok
12:35:01.0037 5020 WMPNetworkSvc - ok
12:35:01.0065 5020 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
12:35:01.0080 5020 WPCSvc - ok
12:35:01.0108 5020 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
12:35:01.0121 5020 WPDBusEnum - ok
12:35:01.0154 5020 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
12:35:01.0157 5020 ws2ifsl - ok
12:35:01.0193 5020 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
12:35:01.0197 5020 wscsvc - ok
12:35:01.0204 5020 WSearch - ok
12:35:01.0277 5020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
12:35:01.0305 5020 wuauserv - ok
12:35:01.0333 5020 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
12:35:01.0336 5020 WudfPf - ok
12:35:01.0363 5020 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
12:35:01.0367 5020 WUDFRd - ok
12:35:01.0408 5020 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
12:35:01.0424 5020 wudfsvc - ok
12:35:01.0444 5020 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\windows\System32\wwansvc.dll
12:35:01.0460 5020 WwanSvc - ok
12:35:01.0480 5020 ================ Scan global ===============================
12:35:01.0522 5020 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
12:35:01.0602 5020 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
12:35:01.0617 5020 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
12:35:01.0651 5020 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
12:35:01.0686 5020 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
12:35:01.0691 5020 [Global] - ok
12:35:01.0691 5020 ================ Scan MBR ==================================
12:35:01.0708 5020 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
12:35:02.0451 5020 \Device\Harddisk0\DR0 - ok
12:35:02.0451 5020 ================ Scan VBR ==================================
12:35:02.0492 5020 [ 097E2D25F123C048ED3B6C6DDB5DA6FC ] \Device\Harddisk0\DR0\Partition1
12:35:02.0495 5020 \Device\Harddisk0\DR0\Partition1 - ok
12:35:02.0501 5020 ============================================================
12:35:02.0501 5020 Scan finished
12:35:02.0501 5020 ============================================================
12:35:02.0525 7132 Detected object count: 0
12:35:02.0525 7132 Actual detected object count: 0
12:35:21.0476 2216 Deinitialize success

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 AM

Posted 13 October 2012 - 08:57 PM

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#5 Pdxgpz

Pdxgpz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 13 October 2012 - 11:31 PM

Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Work :: WORK-PC [administrator]

Protection: Enabled

10/13/2012 7:31:20 PM
mbam-log-2012-10-13 (19-31-20).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 382665
Time elapsed: 1 hour(s), 9 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)



Files Detected: 0
(No malicious items detected)

(end)

Minitoolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Work (administrator) on 13-10-2012 at 21:10:06
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Work-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 4C-72-B9-0E-86-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 44-6D-57-92-10-F5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9187:6ecf:f0d2:5de3%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, October 13, 2012 7:25:25 PM
Lease Expires . . . . . . . . . . : Sunday, October 14, 2012 8:43:45 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239365463
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-00-CF-6A-44-6D-57-92-10-F5
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{6A28B771-65F8-4218-972C-BBA24F15F3F3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D3F49778-D40A-45CC-9C38-3F33EDD5B8AE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4c2:3436:b396:683e(Preferred)
Link-local IPv6 Address . . . . . : fe80::4c2:3436:b396:683e%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:400a:801::1002
173.194.33.34
173.194.33.37
173.194.33.46
173.194.33.39
173.194.33.38
173.194.33.36
173.194.33.33
173.194.33.40
173.194.33.35
173.194.33.32
173.194.33.41


Pinging google.com [173.194.33.41] with 32 bytes of data:
Reply from 173.194.33.41: bytes=32 time=17ms TTL=55
Reply from 173.194.33.41: bytes=32 time=16ms TTL=55

Ping statistics for 173.194.33.41:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=128ms TTL=52
Reply from 72.30.38.140: bytes=32 time=152ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 128ms, Maximum = 152ms, Average = 140ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 6ms, Average = 4ms
===========================================================================
Interface List
12...4c 72 b9 0e 86 b2 ......Realtek PCIe FE Family Controller
11...44 6d 57 92 10 f5 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.7 281
192.168.1.7 255.255.255.255 On-link 192.168.1.7 281
192.168.1.255 255.255.255.255 On-link 192.168.1.7 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.7 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.7 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:4c2:3436:b396:683e/128
On-link
11 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::4c2:3436:b396:683e/128
On-link
11 281 fe80::9187:6ecf:f0d2:5de3/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/13/2012 07:25:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 01:02:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/13/2012 01:02:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/13/2012 01:02:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/13/2012 00:30:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 07:25:30 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

Error: (10/13/2012 07:25:30 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

Error: (10/13/2012 07:25:30 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

Error: (10/13/2012 07:25:29 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/13/2012 07:25:29 AM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=431}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (10/13/2012 01:00:46 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (10/13/2012 00:30:20 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:23:32 PM on ?10/?13/?2012 was unexpected.

Error: (10/13/2012 07:25:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/13/2012 07:25:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218173.

Error: (10/12/2012 10:01:19 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (10/12/2012 07:22:44 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (10/11/2012 08:49:30 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DESKTOP-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6A28B771-65F8-4218-972C-BBA24F15F3F3}.
The master browser is stopping or an election is being forced.

Error: (10/11/2012 08:18:48 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.7.
The computer with the IP address 192.168.1.3 did not allow the name to be claimed by
this computer.

Error: (10/11/2012 08:09:21 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DESKTOP-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6A28B771-65F8-4218-972C-BBA24F15F3F3}.
The master browser is stopping or an election is being forced.

Error: (10/11/2012 07:47:03 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{6A28B771-65F8-4218-972C-BBA24F15F3F3} because another computer on the network has the same name. The server could not start.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AMD Accelerated Video Transcoding (Version: 2.00.0000)
AMD APP SDK Runtime (Version: 10.0.873.1)
AMD Catalyst Install Manager (Version: 3.0.870.0)
AMD Media Foundation Decoders (Version: 1.0.70213.1643)
AMD Steady Video Plug-In (Version: 2.03.0000)
AMD VISION Engine Control Center (Version: 2012.0213.1644.29893)
Bejeweled 3 (Version: 2.2.0.97)
CAM UnZip 4.5
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0213.1644.29893)
Catalyst Control Center Localization All (Version: 2012.0213.1644.29893)
ccc-utility64 (Version: 2012.0213.1644.29893)
CCC Help Chinese Standard (Version: 2012.0213.1643.29893)
CCC Help Chinese Traditional (Version: 2012.0213.1643.29893)
CCC Help Czech (Version: 2012.0213.1643.29893)
CCC Help Danish (Version: 2012.0213.1643.29893)
CCC Help Dutch (Version: 2012.0213.1643.29893)
CCC Help English (Version: 2012.0213.1643.29893)
CCC Help Finnish (Version: 2012.0213.1643.29893)
CCC Help French (Version: 2012.0213.1643.29893)
CCC Help German (Version: 2012.0213.1643.29893)
CCC Help Greek (Version: 2012.0213.1643.29893)
CCC Help Hungarian (Version: 2012.0213.1643.29893)
CCC Help Italian (Version: 2012.0213.1643.29893)
CCC Help Japanese (Version: 2012.0213.1643.29893)
CCC Help Korean (Version: 2012.0213.1643.29893)
CCC Help Norwegian (Version: 2012.0213.1643.29893)
CCC Help Polish (Version: 2012.0213.1643.29893)
CCC Help Portuguese (Version: 2012.0213.1643.29893)
CCC Help Russian (Version: 2012.0213.1643.29893)
CCC Help Spanish (Version: 2012.0213.1643.29893)
CCC Help Swedish (Version: 2012.0213.1643.29893)
CCC Help Thai (Version: 2012.0213.1643.29893)
CCC Help Turkish (Version: 2012.0213.1643.29893)
Cisco WebEx Meetings
D3DX10 (Version: 15.4.2368.0902)
DiskMagik (Version: 3.6.0)
ESET Online Scanner v3
FATE (Version: 2.2.0.97)
Google Chrome (Version: 22.0.1229.94)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Junk Mail filter update (Version: 15.4.3502.0922)
Letters from Nowhere 2 (Version: 2.2.0.97)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5139.5005)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2531.0)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Norton Anti-Theft (Version: 1.6.0.17)
Norton Internet Security (Version: 19.1.0.28)
Olympus Digital Wave Player
PDFill PDF Editor with FREE Writer and FREE Tools (Version: 9.0)
Penguins! (Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.97)
Premium Sound HD (Version: 1.12.1800)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6577)
Realtek USB 2.0 Card Reader (Version: 6.1.7601.30130)
Realtek WLAN Driver (Version: 2.00.0016)
Registry First Aid (Version: 8.2.0)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Snap.Do (Version: 1.6.0.220)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
SUPERAntiSpyware (Version: 5.6.1010)
Synaptics Pointing Device Driver (Version: 15.3.38.2)
TOSHIBA Application Installer (Version: 9.0.1.2)
TOSHIBA Assist (Version: 4.2.3.1)
Toshiba Book Place (Version: 3.0.9490)
TOSHIBA Bulletin Board (Version: 1.6.11.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.11.64)
TOSHIBA Face Recognition (Version: 3.1.18.64)
TOSHIBA Hardware Setup (Version: 2.00.0020)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.12)
Toshiba Laptop Checkup (Version: 2.0.17.38)
TOSHIBA Media Controller (Version: 1.0.87.5)
TOSHIBA Media Controller Plug-in (Version: 1.0.7.7)
Toshiba Online Backup (Version: 2.0.0.31)
TOSHIBA PC Health Monitor (Version: 1.7.15.64)
TOSHIBA Quality Application (Version: 1.0.4)
TOSHIBA Recovery Media Creator (Version: 2.1.6.52020009)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.3.03)
Toshiba Security Dashboard (Version: 1.0.0.48)
TOSHIBA Service Station (Version: 2.2.13)
TOSHIBA Sleep Utility (Version: 1.4.0022.000104)
TOSHIBA Supervisor Password (Version: 2.00.0009)
TOSHIBA User's Guide (Version: 1.00.02)
TOSHIBA Value Added Package (Version: 1.6.0023.640204)
TOSHIBA Web Camera Application (Version: 2.0.3.33)
TOSHIBARegistration (Version: 1.0.9)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App (Toshiba Games) (Version: 4.0.5.36)
Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB (09/29/2009 2.0.0.0) (Version: 09/29/2009 2.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Xactimate 27 (Version: 27.3.1088.23562)
Xactimate 27.0 Multiple License (Version: 27.0.77.49168)

========================= Memory info: ===================================

Percentage of memory in use: 78%
Total physical RAM: 3558.37 MB
Available physical RAM: 763.62 MB
Total Pagefile: 7114.93 MB
Available Pagefile: 3119.99 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.57 MB

========================= Partitions: =====================================

1 Drive c: (TI106426W0A) (Fixed) (Total:581.16 GB) (Free:496.85 GB) NTFS

========================= Users: ========================================

User accounts for \\WORK-PC

Administrator Guest Work

========================= Restore Points ==================================

06-10-2012 18:23:29 Registry First Aid backup
06-10-2012 22:17:37 Windows Update
08-10-2012 18:55:09 Installed Olympus Digital Wave Player
08-10-2012 19:12:29 Windows Update
08-10-2012 19:38:40 Device Driver Package Install: OLYMPUS IMAGING CORP.
09-10-2012 16:56:06 Installed PDFill PDF Editor with FREE Writer and FREE Tools
11-10-2012 02:57:06 Windows Update
12-10-2012 03:55:11 Installed Olympus Digital Wave Player
12-10-2012 19:33:37 Registry First Aid backup
13-10-2012 17:10:25 Windows Backup
13-10-2012 17:15:01 Windows Backup

**** End of log ****

Farbar

Farbar Service Scanner Version: 07-10-2012
Ran by Work (administrator) on 13-10-2012 at 21:15:00
Running from "C:\Users\Work\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 08:22] - [2012-06-01 22:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Adware

# AdwCleaner v2.004 - Logfile created 10/13/2012 at 21:18:43
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Work - WORK-PC
# Boot Mode : Normal
# Running from : C:\Users\Work\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Funmoods
Folder Deleted : C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\Work\AppData\Local\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SmartbarBackup
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzytD0EzzyC0BtB0B0DyC0DtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1846693070 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=57086e6b-3d27-4e71-88cf-2fb9c68838ac&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=57086e6b-3d27-4e71-88cf-2fb9c68838ac&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzytD0EzzyC0BtB0B0DyC0DtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1846693070 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=57086e6b-3d27-4e71-88cf-2fb9c68838ac&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=57086e6b-3d27-4e71-88cf-2fb9c68838ac&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzytD0EzzyC0BtB0B0DyC0DtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1846693070",
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzytD0EzzyC0BtB0B0DyC0DtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1846693070" ]
Deleted [l.1369] : homepage = "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzytD0EzzyC0BtB0B0DyC0DtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1846693070",
Deleted [l.1602] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzytD0EzzyC0BtB0B0DyC0DtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1846693070" ]

*************************

AdwCleaner[R1].txt - [9235 octets] - [13/10/2012 21:17:13]
AdwCleaner[S1].txt - [9278 octets] - [13/10/2012 21:18:43]

########## EOF - C:\AdwCleaner[S1].txt - [9338 octets] ##########

#6 Pdxgpz

Pdxgpz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 13 October 2012 - 11:36 PM

Norton keeps blocking and deleting the JRT

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 AM

Posted 13 October 2012 - 11:47 PM

Disable norton and run JRT

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#8 Pdxgpz

Pdxgpz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 14 October 2012 - 09:46 AM

JRT

Junkware Removal Tool (JRT) by Thisisu
Version: 1.5.5 (10.13.2012)
OS: Windows 7 Home Premium x64
Ran by Work on Sat 10/13/2012 at 21:53:32.93
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files:

Successfully deleted: [FILE] "C:\Users\Work\AppData\Local\funmoods-speeddial_sf.crx"



*** Folders: 0 Detections



*** Event Viewer Logs - Cleared


RKill

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/13/2012 10:38:15 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Work\Desktop\rkill\rkill-10-13-2012-10-38-22.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/13/2012 10:38:34 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)

#9 Pdxgpz

Pdxgpz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 14 October 2012 - 09:54 AM

I can't figure out Autoruns - not unzipping, maybe?

I got the exe to execute, but no usable results

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 AM

Posted 14 October 2012 - 10:06 AM

I got the exe to execute, but no usable results


Please explain your issue.

#11 Pdxgpz

Pdxgpz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 14 October 2012 - 11:45 AM

I download the exe, then double click on it

I get a folder with 4 files in it

If I load it into Cam Unzip, I get a bunch of files on CAM, can't get a text result

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 AM

Posted 14 October 2012 - 12:50 PM

I get a folder with 4 files in it


Double click on Autoruns.exe and follow the instructions

#13 Pdxgpz

Pdxgpz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 14 October 2012 - 01:01 PM

No instructions appear, I get the Autoruns box and no idea of how to post what appears to be the results (because it scans)

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 AM

Posted 14 October 2012 - 01:11 PM

No instructions appear, I get the Autoruns box and no idea of how to post what appears to be the results (because it scans)



Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#15 Pdxgpz

Pdxgpz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 14 October 2012 - 01:18 PM

Okay, it was the changing it to text that threw me

Autoruns

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "rfagent" "Registry First Aid, the easy powerful registry maintenance program" "KsL Software" "c:\program files\rfa 8\rfagent64.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SRS Premium Sound HD" "SRS Control Panel" "SRS Labs, Inc." "c:\program files\srs labs\srs control panel\srspanel_64.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TCrdMain" "TOSHIBA Flash Cards Main Module" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "Teco" "TOSHIBA eco Utility" "TOSHIBA Corporation" "c:\program files\toshiba\teco\teco.exe"
+ "TosNC" "Message Center" "TOSHIBA Corporation" "c:\program files\toshiba\bulletinboard\tosnccore.exe"
+ "TosReelTimeMonitor" "Monitor of TOSHIBA ReelTime" "TOSHIBA Corporation" "c:\program files\toshiba\reeltime\tosreeltimemonitor.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosVolRegulator" " Toshiba Volume Regulator" "TOSHIBA Corporation" "c:\program files\toshiba\tosvolregulator\tosvolregulator.exe"
+ "TosWaitSrv" "" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\toswaitsrv.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "NortonOnlineBackupReminder" "Toshiba Online Backup Service" "Toshiba" "c:\program files (x86)\toshiba\toshiba online backup\activation\tobuactivation.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "ToshibaServiceStation" "TOSHIBA Service Station" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\toshibaservicestation.exe"
+ "TSleepSrv" "TOSHIBA Sleep Service" "TOSHIBA" "c:\program files (x86)\toshiba\toshiba sleep utility\tsleepsrv.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Device Detector 3.lnk" "Device Detector 3" "OLYMPUS IMAGING CORP." "c:\program files (x86)\olympus\devicedetector\devdtct2.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
+ "video/mp4" "MIME Video Detector for IE" "Advanced Micro Devices" "c:\program files\amd\steadyvideo\videomimefilter.dll"
+ "video/x-flv" "MIME Video Detector for IE" "Advanced Micro Devices" "c:\program files\amd\steadyvideo\videomimefilter.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\19.1.0.28\navshext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\19.1.0.28\navshext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "SteadyVideoBHO Class" "This plugin allows the user to turn AMD SteadyVideo on or off when video is detected on the web." "Advanced Micro Devices" "c:\program files\amd\steadyvideo\steadyvideo.dll"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in (64)" "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\x64\toshibamediacontrollerie.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.1.0.28\coieplg.dll"
+ "Norton Vulnerability Protection" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.1.0.28\ips\ipsbho.dll"
+ "SteadyVideoBHO Class" "This plugin allows the user to turn AMD SteadyVideo on or off when video is detected on the web." "Advanced Micro Devices" "c:\program files (x86)\amd\steadyvideo\steadyvideo.dll"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in (32)" "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.1.0.28\coieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Norton Anti-Theft\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton anti-theft\engine\1.6.0.17\symerr.exe"
+ "\Norton Internet Security\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.1.0.28\symerr.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "atashost" "WebEx Support Center." "Cisco WebEx LLC" "c:\windows\syswow64\atashost.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "DiskMgkS" "Component of DiskMagik which is required for local defragmentation." "RoseCity Software" "c:\program files\diskmagik\diskmgks.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files (x86)\wildtangent games\app\gamesappservice.exe"
+ "GFNEXSrv" "GFNEXSrv" "" "c:\windows\system32\gfnexsrv.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MSSQL$XACTWARE" "Provides storage, processing and controlled access of data, and rapid transaction processing." "Microsoft Corporation" "c:\program files (x86)\microsoft sql server\mssql10.xactware\mssql\binn\sqlservr.exe"
+ "NAT" "Norton Anti-Theft" "Symantec Corporation" "c:\program files (x86)\norton anti-theft\engine\1.6.0.17\ccsvchst.exe"
+ "NIS" "Norton Internet Security" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.1.0.28\ccsvchst.exe"
+ "Norton PC Checkup Application Launcher" "Provides consolidated application launching facility" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.17.38\symcpcculaunchsvc.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "PCCUJobMgr" "Job Manager service for common client services" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.17.38\ccsvchst.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
+ "taisregispinger" "fbdpinger" "Toshiba America Information Systems." "c:\program files (x86)\toshiba\toshibaregistration\taisregistpinger.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdhub30" "AMD USB 3.0 Hub Driver" "Advanced Micro Devices, INC." "c:\windows\system32\drivers\amdhub30.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdkmpfd" "AMD PCI Root Bus Lower Filter" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\amdkmpfd.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "amdxhc" "AMD USB 3.0 Host Controller Driver" "Advanced Micro Devices, INC." "c:\windows\system32\drivers\amdxhc.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw76.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120928.001\bhdrvx64.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "ccSet_NAT" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\natx64\0106000.011\ccsetx64.sys"
+ "ccSet_NIS" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1301000.01c\ccsetx64.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20121012.001\idsvia64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20121013.007\eng64.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20121013.007\ex64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "RTL8192Ce" "Realtek RTL81892CE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8192ce.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1301000.01c\srtsp64.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1301000.01c\srtspx64.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1301000.01c\symds64.sys"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1301000.01c\symefa64.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1301000.01c\ironx64.sys"
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1301000.01c\symnets.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver for x64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "VNUSB" "VNUSB Driver for Windows Vista(x64)" "OLYMPUS IMAGING CORP." "c:\windows\system32\drivers\vnusb.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AMD MJPEG Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AMD MJPEG Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Image Effects" "TimeStam Dynamic Link Library" "TOSHIBA CORPORATION." "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prdmowrapper.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "DiskMgkB" "DiskMagik Boot" "RoseCity Software" "c:\windows\system32\diskmgkb.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "PinpointCP" "Norton Anti-Theft Credential Provider" "Symantec Corporation" "c:\program files (x86)\norton anti-theft\engine64\1.6.0.17\ppcp.dll"
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP 9311 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts9311lm.dll"
+ "HP Discovery Port Monitor (HP Deskjet 3050 J610 series)" "HP Discovery Port Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpdiscopm9311.dll"
+ "PDFill Writer Monitor" "DDK Local Monitor DLL" "Windows ® Codename Longhorn DDK provider" "c:\program files (x86)\plotsoft\pdfill\pdfwriter\driver\pdfillwritermon.dll"
+ "PrimoMon" "" "" "c:\windows\system32\primomonnt.dll"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users