
zeroaccess!inf4 virus Help me Please!!!!


7 replies to this topic

#1 DreamerX

DreamerX

  • Members
  • 5 posts

Posted 11 March 2013 - 04:39 PM

I accidentally downloaded a file that contained the virus. Norton caught the virus, but is only able to suppress it. I have a flash drive, and I have not taken any steps to try and remove it. Any help would be welcomed. Also, my operating system is Windows 7 64-bit.

 

DreamerX

 




 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 March 2013 - 04:44 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png

  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg

  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


    aswMBR1.png
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


    aswMBR2.png
  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

    esetsmartinstaller_enu.png

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#3 DreamerX

DreamerX
  • Topic Starter

  • Members
  • 5 posts

Posted 11 March 2013 - 07:17 PM

Thank you for your assistance! For the TDSSKiller log, I'm not sure what to post. There were no threats detected by the program. Do I need to find it using the C:/ command?

 

The aswMBR log is as follows.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-11 17:38:37
-----------------------------
17:38:37.026    OS Version: Windows x64 6.1.7601 Service Pack 1
17:38:37.026    Number of processors: 8 586 0x3A09
17:38:37.027    ComputerName: THUNDERXL-PC  UserName: ThunderXL
17:38:38.295    Initialize success
17:39:51.520    AVAST engine defs: 13031102
17:40:54.590    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:40:54.593    Disk 0 Vendor: Hitachi_ JF3O Size: 476940MB BusType: 8
17:40:54.606    Disk 0 MBR read successfully
17:40:54.610    Disk 0 MBR scan
17:40:54.616    Disk 0 Windows VISTA default MBR code
17:40:54.621    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
17:40:54.635    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        19182 MB offset 81920
17:40:54.651    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       457717 MB offset 39366656
17:40:54.674    Disk 0 scanning C:\Windows\system32\drivers
17:41:03.006    Service scanning
17:41:28.239    Modules scanning
17:41:28.250    Disk 0 trace - called modules:
17:41:28.266    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
17:41:28.274    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c6a790]
17:41:28.281    3 CLASSPNP.SYS[fffff88001e7143f] -> nt!IofCallDriver -> [0xfffffa8006b74cb0]
17:41:28.287    5 stdcfltn.sys[fffff88001a74d12] -> nt!IofCallDriver -> [0xfffffa80066e7b10]
17:41:28.293    7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80066ed050]
17:41:29.536    AVAST engine scan C:\Windows
17:41:31.659    AVAST engine scan C:\Windows\system32
17:43:58.381    AVAST engine scan C:\Windows\system32\drivers
17:44:10.791    AVAST engine scan C:\Users\ThunderXL
17:45:54.045    AVAST engine scan C:\ProgramData
17:49:16.307    Scan finished successfully
17:56:26.554    Disk 0 MBR has been saved successfully to "C:\Users\ThunderXL\Desktop\MBR.dat"
17:56:26.557    The log file has been saved successfully to "C:\Users\ThunderXL\Desktop\aswMBR.txt"

The ESET Log is as follows:

C:\Program Files (x86)\AlienRespawn\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Users\ThunderXL\Downloads\jzip-setup.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
 



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 March 2013 - 07:43 PM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply

===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log
 

Edited by narenxp, 11 March 2013 - 07:44 PM.


#5 DreamerX

DreamerX
  • Topic Starter

  • Members
  • 5 posts

Posted 11 March 2013 - 07:52 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.11.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ThunderXL :: THUNDERXL-PC [administrator]

3/11/2013 7:48:28 PM
mbam-log-2013-03-11 (19-48-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237481
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchab.com/?aff=7&uid=fe71af10-8a7c-11e2-875d-685d432354d7) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
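
The following is an added example and not part of the original thread: a small Python triage script that checks whether a pasted Malwarebytes Anti-Malware 1.x log is complete (post #4 asks for the top portion with the database version and operating system) and lists what each category detected. The sample log is constructed in the layout of the log posted above; the function names and the "successfully" follow-up heuristic are assumptions of this example.

```python
import re

# Constructed sample in the layout of a Malwarebytes Anti-Malware 1.x log.
# Host, user and URL values are made up for this example.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.11.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: EXAMPLE-PC [administrator]

Scan type: Quick scan
Objects scanned: 1000
Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://search.example/?aff=0) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Files Detected: 0
(No malicious items detected)

(end)
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<location>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Parse a pasted log into header fields, per-category items and problems."""
    report = {"database": None, "os": None, "scan_type": None,
              "complete": False, "sections": {}, "problems": []}
    current = None  # name of the "<Category> Detected: N" section being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == NO_ITEMS:
            continue
        section = SECTION_RE.match(line)
        if line == "(end)":
            report["complete"], current = True, None
        elif section:
            current = section["name"]
            report["sections"][current] = {"declared": int(section["count"]),
                                           "items": []}
        elif current is not None:
            item = ITEM_RE.match(line)
            if item:
                # The last " -> " separates optional details from the action.
                details, _, action = item["rest"].rpartition(" -> ")
                report["sections"][current]["items"].append({
                    "location": item["location"],
                    "detection": item["detection"],
                    "details": details,
                    "action": action.rstrip(".")})
            else:
                report["problems"].append(f"unparsed line in {current}: {line}")
        elif line.startswith("Database version:"):
            report["database"] = line.split(":", 1)[1].strip()
        elif line.startswith("Scan type:"):
            report["scan_type"] = line.split(":", 1)[1].strip()
        elif line.startswith("Windows ") and report["os"] is None:
            report["os"] = line

    # Completeness checks: header fields, end marker, declared vs listed counts.
    for field, label in (("database", "database version"),
                         ("os", "operating system line")):
        if report[field] is None:
            report["problems"].append(f"missing {label}")
    if not report["complete"]:
        report["problems"].append("missing (end) marker, log may be cut off")
    for name, sec in report["sections"].items():
        if sec["declared"] != len(sec["items"]):
            report["problems"].append(
                f"{name}: {sec['declared']} declared, {len(sec['items'])} listed")
    return report


def needs_follow_up(report):
    """Items whose action text does not report success (assumed heuristic)."""
    return [(name, it["detection"], it["location"])
            for name, sec in report["sections"].items()
            for it in sec["items"]
            if "successfully" not in it["action"].lower()]


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("problems:", parsed["problems"])
    for name, sec in parsed["sections"].items():
        for it in sec["items"]:
            print(name, "|", it["detection"], "|", it["action"])
    print("follow up:", needs_follow_up(parsed))
```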
 



#6 DreamerX

DreamerX
  • Topic Starter

  • Members
  • 5 posts

Posted 11 March 2013 - 09:50 PM

MiniTool Box Log:

MiniToolBox by Farbar  Version:05-03-2013
Ran by ThunderXL (administrator) on 11-03-2013 at 21:44:37
Running from "C:\Users\ThunderXL\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Disconnected)
Intel® Centrino® Wireless-N 2230 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : ThunderXL-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 68-5D-43-23-54-D4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 68-5D-43-23-54-D4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2230
   Physical Address. . . . . . . . . : 68-5D-43-23-54-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ac34:cb1a:5557:53bd%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.110(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 11, 2013 4:51:47 PM
   Lease Expires . . . . . . . . . . : Tuesday, March 12, 2013 4:51:47 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 375938371
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-49-CC-89-D4-BE-D9-28-EF-BD
   DNS Servers . . . . . . . . . . . : 24.177.176.38
                                       71.92.29.130
                                       24.217.201.67
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 68-5D-43-23-54-D7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : D4-BE-D9-28-EF-BD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F835E4EA-22C8-4493-8291-27018E91ED88}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4EF1B5D6-8E93-4D58-8DAD-631E42DBDB13}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2861797D-6C33-418B-AEA7-BA640C62C47D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9EC786EC-5AC4-407D-BEBB-04CEC567A211}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{958CF345-90A0-4EA3-BC60-947B209A17AB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  24.177.176.38

Name:    google.com
Addresses:  2607:f8b0:4002:801::1002
      74.125.140.101
      74.125.140.102
      74.125.140.100
      74.125.140.138
      74.125.140.113
      74.125.140.139


Pinging google.com [173.194.37.71] with 32 bytes of data:
Reply from 173.194.37.71: bytes=32 time=23ms TTL=52
Reply from 173.194.37.71: bytes=32 time=21ms TTL=51

Ping statistics for 173.194.37.71:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 23ms, Average = 22ms
Server:  vip01ledsal.leds.al.charter.com
Address:  24.177.176.38

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=296ms TTL=43
Reply from 98.139.183.24: bytes=32 time=237ms TTL=44

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 237ms, Maximum = 296ms, Average = 266ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...68 5d 43 23 54 d4 ......Microsoft Virtual WiFi Miniport Adapter #2
 16...68 5d 43 23 54 d4 ......Microsoft Virtual WiFi Miniport Adapter
 15...68 5d 43 23 54 d3 ......Intel® Centrino® Wireless-N 2230
 13...68 5d 43 23 54 d7 ......Bluetooth Device (Personal Area Network)
 11...d4 be d9 28 ef bd ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.110     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.110    281
    192.168.1.110  255.255.255.255         On-link     192.168.1.110    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.110    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.110    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.110    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 15    281 fe80::/64                On-link
 15    281 fe80::ac34:cb1a:5557:53bd/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/11/2013 05:58:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2013 05:58:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2013 04:51:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2013 00:29:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14583519

Error: (03/11/2013 00:29:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14583519

Error: (03/11/2013 00:29:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/11/2013 00:29:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14582505

Error: (03/11/2013 00:29:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14582505

Error: (03/11/2013 00:29:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/11/2013 00:29:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14581507


System errors:
=============
Error: (03/11/2013 04:53:57 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (03/11/2013 04:53:57 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/11/2013 04:51:38 PM) (Source: nvlddmkm) (User: )
Description: CMDre 00000000 0000008c 00000000 00000005 0000102b

Error: (03/11/2013 04:51:38 PM) (Source: nvlddmkm) (User: )
Description: CMDre 00000000 00000088 ff1fe121 00000007 00000000

Error: (03/11/2013 04:50:40 PM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1053

Error: (03/11/2013 04:50:40 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

Error: (03/11/2013 04:50:40 PM) (Source: DCOM) (User: )
Description: 1053upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (03/11/2013 01:56:03 PM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1053

Error: (03/11/2013 01:56:03 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

Error: (03/11/2013 01:56:03 PM) (Source: DCOM) (User: )
Description: 1053upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}


Microsoft Office Sessions:
=========================
Error: (03/11/2013 05:58:27 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ThunderXL\Downloads\esetsmartinstaller_enu.exe

Error: (03/11/2013 05:58:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ThunderXL\Downloads\esetsmartinstaller_enu.exe

Error: (03/11/2013 04:51:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2013 00:29:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14583519

Error: (03/11/2013 00:29:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14583519

Error: (03/11/2013 00:29:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/11/2013 00:29:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14582505

Error: (03/11/2013 00:29:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14582505

Error: (03/11/2013 00:29:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/11/2013 00:29:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14581507


CodeIntegrity Errors:
===================================
  Date: 2012-09-23 13:29:08.270
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-23 13:29:08.270
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.6.602.171)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
Advanced Audio FX Engine (Version: 1.12.05)
AlienAutopsy (Version: 3.2.6032.125)
AlienRespawn - Support Software (Version: 9.4.67)
AlienRespawn (Version: 9.4.67)
Alienware Command Center (Version: 2.7.28.0)
Alienware On-Screen Display (Version: 0.32.1.1)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
BitTorrent (Version: 7.7.0)
Bonjour (Version: 3.0.0.10)
BovadaPoker (Version:  )
Company of Heroes: Tales of Valor
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EMSC (Version: 0.0.0.22C)
ESET Online Scanner v3
Google Update Helper (Version: 1.3.21.135)
Integrated Webcam Live! Central (Version: 2.00.44)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 8.0.1.1399)
Intel® Processor Graphics (Version: 8.15.10.2653)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.1.0.0096)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.1.0.0140)
Intel® Rapid Storage Technology (Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214)
Intel® WiDi (Version: 3.0.12.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.01.0000.0830)
Intel® Trusted Connect Service Client (Version: 1.23.219.2)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
jZip
Lock Poker (Version: 2.0.1.5145)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MEGA5
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
Norton 360 (Version: 20.3.0.36)
NVIDIA 3D Vision Driver 296.16 (Version: 296.16)
NVIDIA Control Panel 296.16 (Version: 296.16)
NVIDIA Graphics Driver 296.16 (Version: 296.16)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.12 (Version: 1.7.12)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9616)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
PrivitizeVPN (Version: 1.0.0)
QualxServ Service Agreement (Version: 2.0.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.5)
RealUpgrade 1.1 (Version: 1.1.0)
Sound Blaster Recon3Di (Version: 1.00.08)
Sound Blaster Recon3Di Extras (Version: 1.0)
ST Microelectronics 3 Axis Digital Accelerometer Solution (Version: 4.12.0018)
StarCraft II (Version: 1.5.3.23260)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 16.0.4.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 2.0.1 (Version: 2.0.1)
VMware View Client (Version: 5.1.1.799444)
World of Warcraft (Version: 5.0.5.16135)
Yahoo! Messenger

========================= Devices: ================================

Name: NVIDIA GeForce GT 650M
Description: NVIDIA GeForce GT 650M
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 6026.31 MB
Available physical RAM: 3253.54 MB
Total Pagefile: 12050.8 MB
Available Pagefile: 8026.96 MB
Total Virtual: 4095.88 MB
Available Virtual: 3955.16 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:446.99 GB) (Free:352.91 GB) NTFS

========================= Users: ========================================

User accounts for \\THUNDERXL-PC

Administrator            Guest                    ThunderXL                
UpdatusUser              


**** End of log ****

 

Farbar's Service Scanner

Farbar Service Scanner Version: 03-03-2013
Ran by ThunderXL (administrator) on 11-03-2013 at 21:47:22
Running from "C:\Users\ThunderXL\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#7 DreamerX

Posted 11 March 2013 - 10:07 PM

AdwCleaner

# AdwCleaner v2.114 - Logfile created 03/11/2013 at 21:49:42
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ThunderXL - THUNDERXL-PC
# Boot Mode : Normal
# Running from : C:\Users\ThunderXL\Downloads\AdwCleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\ThunderXL\AppData\Roaming\Mozilla\Firefox\Profiles\9fhloqhj.default\searchplugins\Searchab.xml

***** [Registry] *****

Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=fe71af10-8a7c-11e2-875d-685d432354d7 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\ThunderXL\AppData\Roaming\Mozilla\Firefox\Profiles\9fhloqhj.default\prefs.js

C:\Users\ThunderXL\AppData\Roaming\Mozilla\Firefox\Profiles\9fhloqhj.default\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://searchab.com/?aff=7&uid=fe71af10-8a7c-11e2-875d-685d43[...]
Deleted : user_pref("keyword.URL", "hxxp://searchab.com/?aff=7&uid=fe71af10-8a7c-11e2-875d-685d432354d7&q=");

*************************

AdwCleaner[R1].txt - [5066 octets] - [25/09/2012 16:05:06]
AdwCleaner[S1].txt - [5557 octets] - [26/09/2012 01:55:52]
AdwCleaner[S2].txt - [1782 octets] - [11/03/2013 21:49:42]

########## EOF - C:\AdwCleaner[S2].txt - [1842 octets] ##########


RKill

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/11/2013 09:58:52 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * iphlpsvc [Missing ImagePath]

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 

AutoRun

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""
+ "rdpclip"    ""    ""    "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "BLEServicesCtrl"    "Bluetooth LE Services Control Program"    "Intel Corporation"    "c:\program files (x86)\intel\bluetooth\bleservicesctrl.exe"
+ "BTMTrayAgent"    "Bluetooth Shell Extension"    "Intel Corporation"    "c:\program files (x86)\intel\bluetooth\btmshell.dll"
+ "Command Center Controllers"    "RequiredApplicationsLauncher"    "Alienware"    "c:\program files\alienware\command center\awccstartuporchestrator.exe"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"
+ "IgfxTray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"
+ "IntelPROSet"    "Intel® PROSet/Wireless Framework"    "Intel® Corporation"    "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe"
+ "Persistence"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"
+ "SynTPEnh"    "Synaptics TouchPad Enhancements"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher"    "Adobe Acrobat SpeedLauncher"    "Adobe Systems Incorporated"    "c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe"
+ "AlienwareOn-ScreenDisplay"    "Alienware On-Screen Display"    ""    "c:\program files (x86)\alienware on-screen display\alienwareon-screendisplay.exe"
+ "APSDaemon"    "Apple Push"    "Apple Inc."    "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "IAStorIcon"    "IAStorIcon"    "Intel Corporation"    "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "Integrated Webcam Live! Central"    "Webcam Central"    "Creative Technology Ltd"    "c:\program files (x86)\integrated webcam\live! central\webcamint.exe"
+ "iTunesHelper"    "iTunesHelper"    "Apple Inc."    "c:\program files (x86)\itunes\ituneshelper.exe"
+ "PrivitizeVPN"    "PrivitizeVPN Client"    "OOO Industry"    "c:\program files (x86)\privitizevpn\privitizevpn.exe"
+ "Sound Blaster Recon3Di Control Panel"    "Sound Blaster Control Panel"    "Creative Technology Ltd"    "c:\program files (x86)\creative\sound blaster recon3di\sound blaster recon3di control panel\sbrcni.exe"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "TkBellExe"    "RealNetworks Scheduler"    "RealNetworks, Inc."    "c:\program files (x86)\real\realplayer\update\realsched.exe"
+ "UpdReg"    "Creative UpdReg"    "Creative Technology Ltd."    "c:\windows\updreg.exe"
+ "USB3MON"    "Intel® USB 3.0 Monitor"    "Intel Corporation"    "c:\program files (x86)\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "BitTorrent"    "BitTorrent"    "BitTorrent, Inc."    "c:\program files (x86)\bittorrent\bittorrent.exe"
+ "CPN Notifier"    ""    ""    "File not found: C:\Program Files (x86)\Lock Poker\PokerNotifier.exe"
+ "Messenger (Yahoo!)"    "Yahoo! Messenger"    "Yahoo! Inc."    "c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "BUContextMenu"    "Backup Shell"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine64\20.3.0.36\bushell.dll"
+ "jZip"    ""    ""    "File not found: C:\Program Files (x86)\jZip\jZipShell64x.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu"    "Symantec Shared Component Shell Extension Module"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine64\20.3.0.36\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "jZip"    "jZip shell extension"    "Discordia Limited"    "c:\program files (x86)\jzip\jzipshell.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers"    ""    ""    ""
+ "BuPropertySheet"    "Backup Shell"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine64\20.3.0.36\bushell.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"
+ "NvCplDesktopContext"    ""    "NVIDIA Corporation"    "c:\windows\system32\nvshext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "BUContextMenu"    "Backup Shell"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine64\20.3.0.36\bushell.dll"
+ "jZip"    ""    ""    "File not found: C:\Program Files (x86)\jZip\jZipShell64x.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu"    "Symantec Shared Component Shell Extension Module"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine64\20.3.0.36\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "jZip"    "jZip shell extension"    "Discordia Limited"    "c:\program files (x86)\jzip\jzipshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "OverlayExcluded"    "Backup Shell"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine64\20.3.0.36\bushell.dll"
+ "OverlayPending"    "Backup Shell"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine64\20.3.0.36\bushell.dll"
+ "OverlayProtected"    "Backup Shell"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine64\20.3.0.36\bushell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\urlredir.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\oracle\javafx 2.1 runtime\bin\ssv.dll"
+ "jZip Webmail plugin"    "jZip Webmail plugin"    "Discordia Limited"    "c:\program files (x86)\jzip\webmailplugin.dll"
+ "Norton Identity Protection"    "coIEPlugIn"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine\20.3.0.36\coieplg.dll"
+ "Norton Vulnerability Protection"    "IPS Browser Helper DLL"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine\20.3.0.36\ips\ipsbho.dll"
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer"    "RealPlayer Download and Record Plugin"    "RealPlayer"    "c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "Norton Toolbar"    "coIEPlugIn"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine\20.3.0.36\coieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
"Task Scheduler"    ""    ""    ""
+ "\Apple\AppleSoftwareUpdate"    "Apple Software Update"    "Apple Inc."    "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"
+ "\Norton 360\Norton Error Analyzer"    "Symantec Error Reporting"    "Symantec Corporation"    "c:\program files (x86)\norton 360\engine\20.3.0.36\symerr.exe"
+ "\PCDEventLauncher"    "PC-Doctor Module"    "PC-Doctor, Inc."    "c:\program files\alienautopsy\sessionchecker.exe"
 



#8 narenxp


Posted 11 March 2013 - 10:15 PM

Download http://download.bleepingcomputer.com/win-services/7/iphlpsvc.reg

Launch it and click YES.

Restart the PC and let me know if you have any more issues.

Clear infections quarantined by Norton.





