
infected


12 replies to this topic

#1 amiri baraka

amiri baraka

  • Members
  • 64 posts
  • OFFLINE
  • Local time:07:46 PM

Posted 03 January 2013 - 05:47 PM

hi,

my computer was seemingly infected by a virus. Malwarebytes detected it and quarantined it. i restarted it in safe mode and ran Malwarebytes and every time it detected the virus the computer would shut off. i tried this twice more and the same thing occurred. then i tried running SuperAntiSpyware in safe mode and the same thing occurred again.

any thoughts? thank you in advance...


i am using windows vista...

The log from the C drive after using The TDSSkiller
12:11:29.0976 1376 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:11:30.0303 1376 ============================================================
12:11:30.0303 1376 Current date / time: 2013/01/04 12:11:30.0303
12:11:30.0303 1376 SystemInfo:
12:11:30.0303 1376
12:11:30.0303 1376 OS Version: 6.0.6002 ServicePack: 2.0
12:11:30.0303 1376 Product type: Workstation
12:11:30.0303 1376 ComputerName: BRENDAN-PC
12:11:30.0303 1376 UserName: brendan
12:11:30.0303 1376 Windows directory: C:\Windows
12:11:30.0303 1376 System windows directory: C:\Windows
12:11:30.0303 1376 Processor architecture: Intel x86
12:11:30.0303 1376 Number of processors: 2
12:11:30.0303 1376 Page size: 0x1000
12:11:30.0303 1376 Boot type: Safe boot with network
12:11:30.0303 1376 ============================================================
12:11:31.0645 1376 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:11:31.0645 1376 ============================================================
12:11:31.0645 1376 \Device\Harddisk0\DR0:
12:11:31.0645 1376 MBR partitions:
12:11:31.0645 1376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BD59000
12:11:31.0645 1376 ============================================================
12:11:31.0661 1376 C: <-> \Device\Harddisk0\DR0\Partition1
12:11:31.0661 1376 ============================================================
12:11:31.0661 1376 Initialize success
12:11:31.0661 1376 ============================================================
12:12:48.0881 2036 ============================================================
12:12:48.0881 2036 Scan started
12:12:48.0881 2036 Mode: Manual; TDLFS;
12:12:48.0881 2036 ============================================================
12:12:49.0115 2036 ================ Scan system memory ========================
12:12:49.0115 2036 System memory - ok
12:12:49.0130 2036 ================ Scan services =============================
12:12:49.0286 2036 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:12:49.0286 2036 !SASCORE - ok
12:12:49.0333 2036 .tdx - ok
12:12:49.0505 2036 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
12:12:49.0520 2036 ACPI - ok

after aswMBR
BR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-04 12:55:19
-----------------------------
12:55:19.699 OS Version: Windows 6.0.6002 Service Pack 2
12:55:19.699 Number of processors: 2 586 0x301
12:55:19.699 ComputerName: BRENDAN-PC UserName: brendan
12:56:04.939 Initialize success
12:59:43.370 AVAST engine defs: 13010400
12:59:49.938 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:59:49.938 Disk 0 Vendor: TOSHIBA_MK2555GSX FG001M Size: 238475MB BusType: 3
12:59:49.969 Disk 0 MBR read successfully
12:59:50.031 Disk 0 MBR scan
12:59:50.031 Disk 0 Windows VISTA default MBR code
12:59:50.063 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:59:50.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228018 MB offset 3074048
12:59:50.172 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8956 MB offset 470054912
12:59:50.203 Disk 0 scanning sectors +488396800
12:59:50.359 Disk 0 scanning C:\Windows\system32\drivers
13:00:02.137 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Aluroot [Rtk]
13:00:04.742 Disk 0 trace - called modules:
13:00:04.773 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
13:00:04.836 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852ce410]
13:00:04.851 3 CLASSPNP.SYS[899188b3] -> nt!IofCallDriver -> [0x85261918]
13:00:04.867 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8525fb98]
13:00:06.209 AVAST engine scan C:\Windows
13:00:09.219 AVAST engine scan C:\Windows\system32
13:04:24.404 AVAST engine scan C:\Windows\system32\drivers
13:04:38.241 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Aluroot [Rtk]
13:04:43.374 AVAST engine scan C:\Users\brendan
13:05:56.241 Disk 0 MBR has been saved successfully to "C:\Users\brendan\Desktop\MBR.dat"
13:05:56.335 The log file has been saved successfully to "C:\Users\brendan\Desktop\aswMBR.txt"

Edited by amiri baraka, 04 January 2013 - 01:08 PM.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:46 PM

Posted 04 January 2013 - 03:12 AM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system

Click on "Scan". Please post the LOG report (the log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply

#3 amiri baraka

amiri baraka
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:07:46 PM

Posted 04 January 2013 - 06:34 PM

Hi there,

thanks so much for the help.

here are the results from the first two scans...



The log from the C drive after using The TDSSkiller
12:11:29.0976 1376 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:11:30.0303 1376 ============================================================
12:11:30.0303 1376 Current date / time: 2013/01/04 12:11:30.0303
12:11:30.0303 1376 SystemInfo:
12:11:30.0303 1376
12:11:30.0303 1376 OS Version: 6.0.6002 ServicePack: 2.0
12:11:30.0303 1376 Product type: Workstation
12:11:30.0303 1376 ComputerName: BRENDAN-PC
12:11:30.0303 1376 UserName: brendan
12:11:30.0303 1376 Windows directory: C:\Windows
12:11:30.0303 1376 System windows directory: C:\Windows
12:11:30.0303 1376 Processor architecture: Intel x86
12:11:30.0303 1376 Number of processors: 2
12:11:30.0303 1376 Page size: 0x1000
12:11:30.0303 1376 Boot type: Safe boot with network
12:11:30.0303 1376 ============================================================
12:11:31.0645 1376 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:11:31.0645 1376 ============================================================
12:11:31.0645 1376 \Device\Harddisk0\DR0:
12:11:31.0645 1376 MBR partitions:
12:11:31.0645 1376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BD59000
12:11:31.0645 1376 ============================================================
12:11:31.0661 1376 C: <-> \Device\Harddisk0\DR0\Partition1
12:11:31.0661 1376 ============================================================
12:11:31.0661 1376 Initialize success
12:11:31.0661 1376 ============================================================
12:12:48.0881 2036 ============================================================
12:12:48.0881 2036 Scan started
12:12:48.0881 2036 Mode: Manual; TDLFS;
12:12:48.0881 2036 ============================================================
12:12:49.0115 2036 ================ Scan system memory ========================
12:12:49.0115 2036 System memory - ok
12:12:49.0130 2036 ================ Scan services =============================
12:12:49.0286 2036 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:12:49.0286 2036 !SASCORE - ok
12:12:49.0333 2036 .tdx - ok
12:12:49.0505 2036 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
12:12:49.0520 2036 ACPI - ok

after aswMBR
BR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-04 12:55:19
-----------------------------
12:55:19.699 OS Version: Windows 6.0.6002 Service Pack 2
12:55:19.699 Number of processors: 2 586 0x301
12:55:19.699 ComputerName: BRENDAN-PC UserName: brendan
12:56:04.939 Initialize success
12:59:43.370 AVAST engine defs: 13010400
12:59:49.938 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:59:49.938 Disk 0 Vendor: TOSHIBA_MK2555GSX FG001M Size: 238475MB BusType: 3
12:59:49.969 Disk 0 MBR read successfully
12:59:50.031 Disk 0 MBR scan
12:59:50.031 Disk 0 Windows VISTA default MBR code
12:59:50.063 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:59:50.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228018 MB offset 3074048
12:59:50.172 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8956 MB offset 470054912
12:59:50.203 Disk 0 scanning sectors +488396800
12:59:50.359 Disk 0 scanning C:\Windows\system32\drivers
13:00:02.137 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Aluroot [Rtk]
13:00:04.742 Disk 0 trace - called modules:
13:00:04.773 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
13:00:04.836 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852ce410]
13:00:04.851 3 CLASSPNP.SYS[899188b3] -> nt!IofCallDriver -> [0x85261918]
13:00:04.867 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8525fb98]
13:00:06.209 AVAST engine scan C:\Windows
13:00:09.219 AVAST engine scan C:\Windows\system32
13:04:24.404 AVAST engine scan C:\Windows\system32\drivers
13:04:38.241 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Aluroot [Rtk]
13:04:43.374 AVAST engine scan C:\Users\brendan
13:05:56.241 Disk 0 MBR has been saved successfully to "C:\Users\brendan\Desktop\MBR.dat"
13:05:56.335 The log file has been saved successfully to "C:\Users\brendan\Desktop\aswMBR.txt"




As for the ESET scan, the computer crapped out twice while attempting to complete the scan---the second try was very close to finishing...i wrote down the viruses it found before it died...

a variant of WIN32/KVPTIKAHJPTROJAN

" " (same thing again)

a variant of WIN32/Adware.mediafinder.D.application

a variant of JAva/TrojanDownloader.Aget.NDJtrojan multiple threats

a variant of Java/DownloaderAgent.NDJtrojan multiple threats

Edited by amiri baraka, 04 January 2013 - 06:53 PM.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:46 PM

Posted 05 January 2013 - 03:29 AM

Please run ESET online scanner in safe mode with networking and post the log

Run all these tools in normal mode

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after the scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After the scan gets completed, post the generated log here.

#5 amiri baraka

amiri baraka
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:07:46 PM

Posted 05 January 2013 - 01:34 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.05.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
brendan :: BRENDAN-PC [administrator]

1/5/2013 11:29:59 AM
MBAM-log-2013-01-05 (13-33-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358682
Time elapsed: 2 hour(s), 3 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\BaiduBarEx.BDHomePage.1 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.2 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.3 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.4 (PUP.Baidu) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

malware bytes entry

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files\TOSHIBA\Amazon\MP3.exe (Trojan.Clicker) -> No action taken.
C:\Program Files\TOSHIBA\Amazon\ShoppingD.exe (Trojan.Clicker) -> No action taken.
C:\Program Files\TOSHIBA\Amazon\VOD.exe (Trojan.Clicker) -> No action taken.
C:\Users\brendan\Documents\other\arc\multiARC.exe (Trojan.Agent) -> No action taken.
C:\Users\brendan\Downloads\Apartheid_Unit_Plan_Grade_9.FULL.pdf.exe (PUP.Adware.Agent) -> No action taken.

(end)

#6 amiri baraka

amiri baraka
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:07:46 PM

Posted 05 January 2013 - 01:35 PM

here are the results after removal...


1/5/2013 11:29:59 AM
MBAM-log-2013-01-05 (13-33-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358682
Time elapsed: 2 hour(s), 3 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\BaiduBarEx.BDHomePage.1 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.2 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.3 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.4 (PUP.Baidu) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files\TOSHIBA\Amazon\MP3.exe (Trojan.Clicker) -> No action taken.
C:\Program Files\TOSHIBA\Amazon\ShoppingD.exe (Trojan.Clicker) -> No action taken.
C:\Program Files\TOSHIBA\Amazon\VOD.exe (Trojan.Clicker) -> No action taken.
C:\Users\brendan\Documents\other\arc\multiARC.exe (Trojan.Agent) -> No action taken.
C:\Users\brendan\Downloads\Apartheid_Unit_Plan_Grade_9.FULL.pdf.exe (PUP.Adware.Agent) -> No action taken.

Edited by amiri baraka, 05 January 2013 - 01:41 PM.


#7 amiri baraka

amiri baraka
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:07:46 PM

Posted 05 January 2013 - 01:48 PM

farbar scan...


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys
[2009-09-14 12:52] - [2009-04-10 23:45] - 0072192 ____A () 02357D46A465B5E2C6D0BBF41694A5F8

ATTENTION!=====> C:\Windows\system32\Drivers\tdx.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


AdwCleaner scan...

# Boot Mode : Normal
# Running from : C:\Users\brendan\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\nm8nsi5v.default\searchplugins\Askcom.xml
File Found : C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\nm8nsi5v.default\searchplugins\web-search.xml
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Users\brendan\AppData\LocalLow\ShopperReports3

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\AskBarDis
Key Found : HKCU\Software\AppDataLow\Software\ShopperReports3
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Zugo
Key Found : HKLM\Software\Freeze.com
Key Found : HKU\S-1-5-21-1281981479-4211209836-549497216-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-1281981479-4211209836-549497216-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKU\S-1-5-21-1281981479-4211209836-549497216-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\nm8nsi5v.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Web Search...");
Found : user_pref("keyword.URL", "hxxp://vshareus.my-quick-search.com/search.aspx?srch=ku&q=");
Found : user_pref("vshareus.install.date", "1284336000000");
Found : user_pref("vshareus.install.finished", "1.0.0");
Found : user_pref("vshareus.install.guid", "{db0600a1-cc9c-4241-b760-e8410ad32cd4}");
Found : user_pref("vshareus.install.isHidden", true);
Found : user_pref("vshareus.install.istoolbarhp", true);
Found : user_pref("vshareus.install.istoolbarsearch", true);
Found : user_pref("vshareus.install.laststatreq", "1304640000000");
Found : user_pref("vshareus.install.newtab", false);

File : C:\Users\george\AppData\Roaming\Mozilla\Firefox\Profiles\8h7gy6z7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\brendan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3743 octets] - [05/01/2013 13:49:12]

########## EOF - C:\AdwCleaner[R1].txt - [3803 octets] ##########


JRT scan...




~~~ FireFox

Successfully deleted: [File] C:\Users\brendan\AppData\Roaming\mozilla\firefox\profiles\nm8nsi5v.default\user.js
Successfully deleted: [File] C:\Users\brendan\AppData\Roaming\mozilla\firefox\profiles\nm8nsi5v.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Users\brendan\AppData\Roaming\mozilla\firefox\profiles\nm8nsi5v.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Web Search...");
user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
user_pref("keyword.URL", "http://vshareus.my-quick-search.com/search.aspx?srch=ku&q=");
user_pref("vshareus.install.date", "1284336000000");
user_pref("vshareus.install.finished", "1.0.0");
user_pref("vshareus.install.guid", "{db0600a1-cc9c-4241-b760-e8410ad32cd4}");
user_pref("vshareus.install.isHidden", true);
user_pref("vshareus.install.istoolbarhp", true);
user_pref("vshareus.install.istoolbarsearch", true);
user_pref("vshareus.install.laststatreq", "1304640000000");
user_pref("vshareus.install.newtab", false);



~~~ Event Viewer Logs were cleared






ATTENTION: The ESET SCAN DID NOT WORK in SAFE MODE... The computer would just shut off in the middle of the scan. This happened multiple times so eventually I skipped that step and went to the other scans. I hope that is OK... please let me know if you want me to try the ESET scan in regular mode instead of safe mode. Thanks again...

Edited by amiri baraka, 05 January 2013 - 02:03 PM.


#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:46 PM

Posted 06 January 2013 - 09:53 AM

Yes go ahead

Mini tool box log?

Remove the infections detected by malwarebytes and run a scan again and post the clean log

Download

adware cleaner

Launch it click on Delete

A log should be generated after the scan, post it here


Do not click on SEARCH. Click on the DELETE option

#9 amiri baraka

amiri baraka
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:07:46 PM

Posted 06 January 2013 - 07:04 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.05.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
brendan :: BRENDAN-PC [administrator]

1/6/2013 5:07:18 PM
mbam-log-2013-01-06 (17-07-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358506
Time elapsed: 1 hour(s), 50 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar Version: 25-11-2012
Ran by brendan (administrator) on 06-01-2013 at 17:02:18
Running from "C:\Users\brendan\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 63091
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8187SE Wireless LAN PCIE Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8102/8103 Family PCI-E FE NIC = Local Area Connection (Media disconnected)

# AdwCleaner v2.104 - Logfile created 01/06/2013 at 16:45:01
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : brendan - BRENDAN-PC
# Boot Mode : Normal
# Running from : C:\Users\brendan\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\nm8nsi5v.default\searchplugins\web-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\nm8nsi5v.default\prefs.js

[OK] File is clean.

File : C:\Users\george\AppData\Roaming\Mozilla\Firefox\Profiles\8h7gy6z7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\brendan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3872 octets] - [05/01/2013 13:49:12]
AdwCleaner[S1].txt - [1838 octets] - [06/01/2013 16:45:01]

########## EOF - C:\AdwCleaner[S1].txt - [1898 octets] ##########

The ESET scan in regular mode came out clean...
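Triage helper for the Farbar Service Scanner and MiniToolBox output posted in this thread (the tdx.sys MD5 failure and missing WinDefend/iphlpsvc service keys in the Farbar log, and the 127.0.0.1:63091 Firefox proxy prefs above), added here as an example; it is not code from the thread or from Farbar's tools. It runs over constructed excerpts in the same shape as the posted logs; the network.proxy.type meanings (0 = no proxy, 1 = manual) are Firefox's, and the assumption that FSS prints the observed hash where a file is not on its known-good list is read off the posted log.

```python
import re

# Constructed excerpts in the shape of the Farbar Service Scanner (FSS) and
# MiniToolBox output posted in this thread; not the complete logs.
FSS_LOG = r"""Windows Defender:
==============
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
File Check:
========
C:\Windows\system32\Drivers\tdx.sys
[2009-09-14 12:52] - [2009-04-10 23:45] - 0072192 ____A () 02357D46A465B5E2C6D0BBF41694A5F8

ATTENTION!=====> C:\Windows\system32\Drivers\tdx.sys IS INFECTED AND SHOULD BE REPLACED.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
"""
MTB_FF_PROXY = r"""
"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 63091
"network.proxy.type", 0
"""

MISSING_KEY_RE = re.compile(r"Unable to open (\S+) registry key")
INFECTED_RE = re.compile(r"ATTENTION!=====> (.+?) IS INFECTED")
LEGIT_RE = re.compile(r"^(.+?) => MD5 is legit$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Assumed from the posted log: under a path not on its known-good list FSS prints
# "[created] - [modified] - size attrs () MD5" instead of "=> MD5 is legit".
HASH_LINE_RE = re.compile(r"^\[.+?\] - \[.+?\] - \d+ \S+ \(\) ([0-9A-Fa-f]{32})$")
PREF_RE = re.compile(r'^"([^"]+)",\s*(.+)$')
LOOPBACK = ("127.0.0.1", "localhost", "::1")


def parse_fss(text):
    """Return missing service keys, files FSS calls infected, and MD5 results."""
    missing = {}      # insertion-ordered set of service names
    infected = []
    md5 = {}          # path -> "legit" or the observed hash
    pending = None    # path whose hash line should come next
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            path, pending = pending, None
            m = HASH_LINE_RE.match(line)
            if m:
                md5[path] = m.group(1).upper()
                continue
        m = MISSING_KEY_RE.search(line)
        if m:
            missing[m.group(1)] = None
            continue
        m = INFECTED_RE.search(line)
        if m:
            infected.append(m.group(1))
            continue
        m = LEGIT_RE.match(line)
        if m:
            md5[m.group(1)] = "legit"
        elif PATH_RE.match(line):
            pending = line
    return {"missing_service_keys": list(missing), "infected_files": infected, "md5": md5}


def parse_ff_proxy(text):
    """Parse the '"pref", value' lines MiniToolBox prints for Firefox proxy prefs."""
    prefs = {}
    for raw in text.splitlines():
        m = PREF_RE.match(raw.strip())
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            prefs[name] = value[1:-1]          # quoted string value
        else:
            prefs[name] = int(value) if value.isdigit() else value
    return prefs


def assess_ff_proxy(prefs):
    """Flag a loopback HTTP proxy; network.proxy.type 0 = no proxy, 1 = manual."""
    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port")
    ptype = prefs.get("network.proxy.type", 0)
    if host not in LOOPBACK:
        return None
    if ptype == 1:
        return f"active: Firefox HTTP traffic goes through {host}:{port}"
    return f"dormant: loopback proxy pref {host}:{port} left behind (network.proxy.type={ptype})"


def triage(fss_text, proxy_text):
    """One finding per line, in the order a responder would act on them."""
    fss = parse_fss(fss_text)
    findings = [f"service key missing: {svc}" for svc in fss["missing_service_keys"]]
    for path in fss["infected_files"]:
        findings.append(f"FSS flags as infected: {path} (MD5 {fss['md5'].get(path, 'n/a')})")
    for path, result in fss["md5"].items():
        if result != "legit" and path not in fss["infected_files"]:
            findings.append(f"MD5 not on FSS known-good list: {path} ({result})")
    note = assess_ff_proxy(parse_ff_proxy(proxy_text))
    if note:
        findings.append("Firefox proxy " + note)
    return findings
```

A dormant loopback proxy pref is still worth noting: it shows something once installed a local proxy even if Firefox is no longer routing through it.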

#10 amiri baraka

amiri baraka
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:07:46 PM

Posted 07 January 2013 - 09:38 PM

thanks very much for your help. i am going to assume the machine is clean unless you say otherwise...

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:46 PM

Posted 08 January 2013 - 07:49 AM

Click on startmenu and type

cmd

Right click on it and select run as administrator and run this command

sfc /scanfile=c:\windows\system32\drivers\tdx.sys

After command finishes

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here
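As an added example, not code from this thread, from Sysinternals or from any BleepingComputer tool, the script below reads the Autoruns text export narenxp asks for (File > Save, Save as: Text) and flags the things a removal helper looks at first: autostart images that no longer exist on disk, images that run from Temp or another user-writable directory, and entries whose version info carries no publisher. It also includes the check behind RKill's exefile association reset, comparing a shell command value against the Windows default `"%1" %*`. The sample input is constructed in the export format; four of its entries mirror lines posted later in this thread, and the "Updater" entry is hypothetical, added only to exercise the temp-directory rule on an image that does exist.

```python
"""Triage an Autoruns text export the way a removal helper would read it.

Added example for this thread; it is not part of Autoruns, RKill or any
BleepingComputer tool.  It reads the text Autoruns writes via File > Save
(Save as: Text): a quoted location header per autostart key, followed by
'+ "name" "description" "publisher" "image path"' entry lines, and flags
the patterns that get checked first: images that no longer exist, images
that live in Temp or other user-writable directories, and entries with
no publisher in their version info.
"""
import re
from dataclasses import dataclass, field

QUOTED = re.compile(r'"([^"]*)"')          # fields never contain embedded quotes
MISSING_PREFIX = "file not found"          # Autoruns marks orphaned images this way

# Directories that legitimate autostart images almost never run from.
# Matched against the lowercased image path.
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
)

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Entry:
    location: str      # registry key, task store or other autostart location
    name: str
    description: str
    publisher: str
    image: str         # full image path, or "File not found: ..." when missing


@dataclass
class Finding:
    entry: Entry
    severity: str
    reasons: list = field(default_factory=list)


def parse_autoruns(text):
    """Turn Autoruns text-export lines into Entry objects."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = QUOTED.findall(line)
        if line.startswith("+ "):
            if len(fields) >= 4:
                entries.append(Entry(location, *fields[:4]))
        elif fields:
            location = fields[0]   # header line: the key the entries below belong to
    return entries


def triage(entries):
    """Return findings sorted by severity; entries with no reason are dropped."""
    findings = []
    for e in entries:
        low = e.image.lower()
        reasons, severity = [], None
        if any(d in low for d in SUSPICIOUS_DIRS):
            reasons.append("image path in a temp/user-writable directory")
            severity = "high"
        if low.startswith(MISSING_PREFIX):
            reasons.append("orphaned entry: image no longer on disk")
            severity = severity or "medium"
        if not e.publisher.strip() and low and not low.startswith(MISSING_PREFIX):
            reasons.append("no publisher in version info: verify the signature")
            severity = severity or "low"
        if reasons:
            findings.append(Finding(e, severity, reasons))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


# The exefile association value RKill restores when it has been tampered with.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'


def exefile_command_ok(value):
    """True when an exefile shell command string still holds the Windows default."""
    return value.strip() == DEFAULT_EXEFILE_COMMAND


# Constructed sample in the Autoruns export format.  The first four entries
# mirror lines posted in this thread; "Updater" is a hypothetical entry
# added to show the temp-directory rule on an image that does exist.
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SunJavaUpdateSched" "Java Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "{39191779-1279-1488-2423-313587536963}" "" "" "File not found: C:\Users\brendan\AppData\Local\Temp\cbh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "Updater" "" "" "c:\users\brendan\appdata\local\temp\updater.exe"
'''

if __name__ == "__main__":
    for f in triage(parse_autoruns(SAMPLE)):
        print(f"[{f.severity.upper():6}] {f.entry.name} @ {f.entry.location}")
        for r in f.reasons:
            print("         -", r)
    print("exefile default:", exefile_command_ok('"%1" %*'))
```

A context-menu handler whose DLL is missing from a user's Temp directory, like the cbh.dll entry this script ranks first, is the kind of leftover that survives a cleanup and is worth removing even though nothing loads from it any more; the "no publisher" rule is deliberately low severity because plenty of legitimate shell extensions ship without version info, so it is a prompt to check the file's signature rather than a verdict.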

#12 amiri baraka
  • Topic Starter
  • Members
  • 64 posts

Posted 08 January 2013 - 04:33 PM

Farbar scan....

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



Rkill scan..


Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/08/2013 04:33:42 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\brendan\Downloads\FSS.exe (PID: 3544) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 01/08/2013 04:34:06 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)




"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "cfFncEnabler.exe" "cfFncEnabler" "Toshiba Corporation" "c:\program files\toshiba\configfree\cffncenabler.exe"
+ "NDSTray.exe" "ConfigFree Task Tray Menu" "TOSHIBA CORPORATION" "c:\program files\toshiba\configfree\ndstray.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rthdvcpl.exe"
+ "Skytel" "Realtek Voice Manager" "Realtek Semiconductor Corp." "c:\program files\realtek\audio\hda\skytel.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TosSENotify" "TosSENotify.exe.mui" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossenotify.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\brendan\appdata\local\google\update\googleupdate.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "skype-ie-addon-data" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "{39191779-1279-1488-2423-313587536963}" "" "" "File not found: C:\Users\brendan\AppData\Local\Temp\cbh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "LavasoftShellExt" "Shell Extension " "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LavasoftShellExt" "Shell Extension " "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "EnhancedStorageShell" "" "" "File not found: C:\Users\brendan\AppData\Local\Temp\cbh.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\FreeFileViewerUpdateChecker" "Bitberry Software Update Checker" "Bitberry Software" "c:\program files\freefileviewer\ffvcheckforupdates.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1281981479-4211209836-549497216-1000Core" "Google Installer" "Google Inc." "c:\users\brendan\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1281981479-4211209836-549497216-1000UA" "Google Installer" "Google Inc." "c:\users\brendan\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\RealUpgradeLogonTaskS-1-5-21-1281981479-4211209836-549497216-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-1281981479-4211209836-549497216-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AgereModemAudio" "Agere Soft Modem Call Progress Service" "Agere Systems" "c:\windows\system32\agrsmsvc.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "ConfigFree Service" "You can't stop this service, if you want to keep ConfigFree functionality fine." "TOSHIBA CORPORATION" "c:\program files\toshiba\configfree\cfsvcs.exe"
+ "GoogleDesktopManager-051210-111108" "Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly." "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "gupdate1ca2e44e4158849" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "Lavasoft Ad-Aware Service" "Ad-Aware Service" "Lavasoft Limited " "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files\mcafee security scan\2.0.181\mcchsvc.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "RSELSVC" "This service is the purpose of changing modem region" "TOSHIBA Corporation" "c:\program files\toshiba\rselect\rselsvc.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba service station\tmachinfo.exe"
+ "TNaviSrv" "TOSHIBA Navi Support Service" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tnavisrv.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TosSmartSrv.exe" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ ".tdx" "" "" "File not found: \*"
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AtiPcie" "ATI PCIE Driver for ATI PCIE chipset" "ATI Technologies Inc." "c:\windows\system32\drivers\atipcie.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "FwLnk" "TOSHIBA Firmware Linkage 32-bit Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\fwlnk.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "is3srv" "" "" "File not found: system32\drivers\is3srv.sys"
+ "Lavasoft Kernexplorer" "" "" "c:\program files\lavasoft\ad-aware\kernexplorer.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "Lavasoft AB" "c:\windows\system32\drivers\lbd.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTL8169" "Realtek 8136/8168/8169 NDIS6 32-bit Driver " "Realtek " "c:\windows\system32\drivers\rtlh86.sys"
+ "RTL8187Se" "Realtek RTL8187S PCIE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8187se.sys"
+ "RtlProt" "Realtke RtlProt WLAN Utility Protocol Driver" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\rtlprot.sys"
+ "RTSTOR" "Realtek USB Mass Storage Driver for Vista" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtstor.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "szkg5" "" "" "File not found: system32\DRIVERS\szkg.sys"
+ "szkgfs" "" "" "File not found: system32\drivers\szkgfs.sys"
+ "tap0901" "TAP-Win32 Virtual Network Driver" "The OpenVPN Project" "c:\windows\system32\drivers\tap0901.sys"
+ "taphss" "TAP-Win32 Virtual Network Driver" "AnchorFree Inc" "c:\windows\system32\drivers\taphss.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x86." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "tos_sps32" "tos_sps2" "TOSHIBA Corporation" "c:\windows\system32\drivers\tos_sps32.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.dvacm" "Ulead DV Audio ACM Driver" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\vio\dvacm.acm"
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecp.acm"
+ "msacm.mpegacm" "Ulead MPEG1 Layer2 Audio ACM Driver" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\mpegacm.acm"
+ "msacm.ulmp3acm" "Ulead MP3 codec engine" "Ulead systems" "c:\program files\common files\ulead systems\mpeg\ulmp3acm.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.tscc" "TechSmith Screen Capture Codec" "TechSmith Corporation" "c:\windows\system32\tsccvid.dll"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3Filter" "ac3filter" "" "c:\program files\common files\qvodplayer\codecs\ac3filter.ax"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Avi Source" "Avi Splitter (www.baofeng.com Modify)" "Gabest" "c:\program files\common files\qvodplayer\codecs\avisplitter.ax"
+ "Avi Splitter" "Avi Splitter (www.baofeng.com Modify)" "Gabest" "c:\program files\common files\qvodplayer\codecs\avisplitter.ax"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CDDA Reader" "CDDA Reader Filter" "Gabest" "c:\program files\common files\qvodplayer\codecs\cddareader.ax"
+ "CDXA Reader" "CDXA Reader Filter" "Gabest" "c:\program files\common files\qvodplayer\codecs\cdxareader.ax"
+ "CoreAVC Video Decoder" "CoreAVC DirectShow Video Decoder" "CoreCodec, Inc." "c:\program files\common files\qvodplayer\codecs\coreavc.ax"
+ "CSF Render Filter (MPC)" "CSF DirectShow Renderer Filter" "Collegesoft Co., Ltd." "c:\program files\common files\qvodplayer\codecs\mpc_mxrender.dll"
+ "CSF Source Filter (MPC)" "CSF Codec Source Filter" "Collegesoft Co., Ltd." "c:\program files\common files\qvodplayer\codecs\mpc_mxsource.dll"
+ "CyberLink Video/SP Decoder (PDVD8)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\common files\qvodplayer\codecs\clvsd.ax"
+ "Dib Output" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\diboutput.ax"
+ "Dib Receive" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\dibreceive.ax"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivX, Inc." "c:\program files\common files\qvodplayer\codecs\divxdec.ax"
+ "DV ACM V/A Source Filter" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "DV V/A Source Filter" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "DV Video Source Filter" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "Dxshow Oms Source" "mxshsour" "Collegesoft Co., Ltd." "c:\program files\common files\qvodplayer\codecs\mpc_mxshsour.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\common files\qvodplayer\codecs\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\common files\qvodplayer\codecs\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\common files\qvodplayer\codecs\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\common files\qvodplayer\codecs\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\common files\qvodplayer\codecs\ffdshow.ax"
+ "File Source (Monkey Audio)" "" "" "c:\program files\common files\qvodplayer\codecs\masource.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\common files\qvodplayer\codecs\haalisplitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\common files\qvodplayer\codecs\haalisplitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\common files\qvodplayer\codecs\haalisplitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\common files\qvodplayer\codecs\haalisplitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\common files\qvodplayer\codecs\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\common files\qvodplayer\codecs\haalisplitter.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\common files\qvodplayer\codecs\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\common files\qvodplayer\codecs\madflac.ax"
+ "MONOGRAM AMR Decoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\common files\qvodplayer\codecs\mmamrdmx.ax"
+ "MONOGRAM AMR Encoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\common files\qvodplayer\codecs\mmamrdmx.ax"
+ "MONOGRAM AMR Mux" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\common files\qvodplayer\codecs\mmamrdmx.ax"
+ "MONOGRAM AMR Splitter" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\common files\qvodplayer\codecs\mmamrdmx.ax"
+ "MP4 Source" "MP4 Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\mp4splitter.ax"
+ "MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\mp4splitter.ax"
+ "Mpa Source" "Mpa Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\mpasplitter.ax"
+ "Mpa Splitter" "Mpa Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\mpasplitter.ax"
+ "MPC - DSM Source" "DSM Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\dsmsplitter.ax"
+ "MPC - DSM Splitter" "DSM Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\dsmsplitter.ax"
+ "MPC - FLV Source (Gabest)" "FLV Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)" "FLV Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\flvsplitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\mpegsplitter.ax"
+ "MPC - Ogg Source" "Ogg Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\oggsplitter.ax"
+ "MPC - Ogg Splitter" "Ogg Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\oggsplitter.ax"
+ "MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\mp4splitter.ax"
+ "MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\mp4splitter.ax"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\qvodplayer\codecs\ndparser.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\qvodplayer\codecs\ndparser.ax"
+ "Pmp Source" "Pmp Splitter" "cooleyes" "c:\program files\common files\qvodplayer\codecs\pmpsplt.ax"
+ "Pmp Splitter" "Pmp Splitter" "cooleyes" "c:\program files\common files\qvodplayer\codecs\pmpsplt.ax"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "RadGt Source" "RadGt Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\radgtsplitter.ax"
+ "RadGt Splitter" "RadGt Splitter" "Gabest" "c:\program files\common files\qvodplayer\codecs\radgtsplitter.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files\common files\qvodplayer\codecs\vp7dec.ax"
+ "TOSHIBA Audio Back Switcher" "" "" "c:\program files\toshiba\toshiba dvd player\tosaudiobackswitcher.ax"
+ "TOSHIBA Audio Decoder DVD" "TOSHIBA Audio Decoder DVD" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tosauddecl.ax"
+ "TOSHIBA Audio Front Switcher" "" "" "c:\program files\toshiba\toshiba dvd player\tosaudiofrontswitcher.ax"
+ "TOSHIBA Audio Rate Converter" "TOSHIBA Audio Rate Converter" "TOSHIBA Corporation" "c:\program files\common files\toshiba shared\tosarc.ax"
+ "TOSHIBA DualMono" "TOSHIBA DualMono" "TOSHIBA Corporation" "c:\program files\common files\toshiba shared\tosdualmono.ax"
+ "TOSHIBA DVD Navigator" "TOSHIBA DVD Navigator" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tdvdnavi.ax"
+ "TOSHIBA DVD VR Navigator" "TOSHIBA DVD Player" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tvrnavi.ax"
+ "TOSHIBA MPEG-2 Video Decoder (DVD)" "TOSHIBA DVD Video Decoder Filter" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tosmp2dvd.ax"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba disc creator\twavconv.ax"
+ "Ulead AMR Audio Decoder" "MP4 AMR Audio Decoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uladamr.ax"
+ "Ulead Audio Dual Channel Filter" "Ulead Audio Dual Channel Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uaudiodcfilter.ax"
+ "Ulead DV Scene Detect" "ulDvScDt" "Ulead system Inc." "c:\program files\common files\ulead systems\capture\uldvscdt.ax"
+ "Ulead DV SubTitle Filter" "DV SubTitle Filter" "Microsoft Corporation" "c:\program files\common files\ulead systems\mpeg\dvtranssubtitle.ax"
+ "Ulead DV Writer" "ulDVWriter" "Corel" "c:\program files\common files\ulead systems\capture\uldvrite.ax"
+ "Ulead DVB Parser" "Ulead DVB Parser Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvbparser.ax"
+ "Ulead DVD Audio Decoder 2" "Audio Decoder" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead DVD Navigator" "DVD Navigator filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\dvd\uleaddvdnavigator.ax"
+ "Ulead DVD Parser" "ulDVDParser" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvdparser.ax"
+ "Ulead DVD Video decoder 2" "DVD Video Decoder with DxVA Support" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvdvideo.ax"
+ "ULead File Source (Async.)" "Ulead Async Filter" "Ulead Systems" "c:\program files\common files\ulead systems\mpeg\ulasync.ax"
+ "ULead File Writer" "File Dump Filter" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\uldump.ax"
+ "Ulead H264 Decoder" "uldsh264" "uleadivi" "c:\program files\common files\ulead systems\mpeg\uldsh264.ax"
+ "ULead Infinite Pin Tee" "Ulead Infinite Tee Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uinftee.ax"
+ "Ulead MPEG Audio Decoder" "Audio Decoder" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead MPEG Encoder" "MPEG Encoder and Muxer" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\ulesmpeg.ax"
+ "Ulead MPEG Muxer" "MPEG Muxer" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\ulmxmpeg.ax"
+ "Ulead MPEG Splitter" "ULead Mpeg I/II Splitter" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\ulspmpeg.ax"
+ "Ulead MPEG Transcoder" "ulMPGTrans" "Ulead com" "c:\program files\common files\ulead systems\mpeg\ulmpgtrans.ax"
+ "Ulead MPEG Video Decoder" "MPEG Video and Audio Decoder" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\uldsmpeg.ax"
+ "Ulead MPEG-4 ASP Video Decoder" "MP4 ASP Video Decoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulaspvdmp4.ax"
+ "Ulead MPEG-4 Encoder" "MP4 Encoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulmp4enc.ax"
+ "Ulead MPEG-4 Splitter" "MP4 Splitter Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulspmp4.ax"
+ "Ulead MPEG-4 Video Decoder" "MP4 Video Decoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulvdmp4.ax"
+ "Ulead Ogg Parser" "ulOggParserFilter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uloggparserfilter.ax"
+ "Ulead OggVorbis Decoder" "ulOggVorbisDecoderFilter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uloggvorbisdecoderfilter.ax"
+ "Ulead OggVorbis Encoder" "ulOggVorbisEncoderFilter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uloggvorbisencoderfilter.ax"
+ "Ulead Push Source Filter" "Ulead Push Source Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulpushsource.ax"
+ "Ulead Sub-Picture Push Source Filter" "Ulead Sub-Picture Push Source Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulsubpicpushsource.ax"
+ "Ulead Video Deinterlace Filter" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\deinterlace.ax"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktopnetwork3.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "BJ Language Monitor3_2" "Canon Inkjet Printer Driver" "CANON INC." "c:\windows\system32\cnblm3_2.dll"
+ "Canon BJ Language Monitor iP1700" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm7w.dll"

Edited by amiri baraka, 08 January 2013 - 06:48 PM.


#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:46 PM

Posted 09 January 2013 - 08:12 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs.

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points.

Turn on system restore and create a new restore point.

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your Flash Player.

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again:

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
