Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with svchost.exe maybe more


  • Please log in to reply
18 replies to this topic

#1 DougakaEasy

DougakaEasy

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 26 March 2013 - 10:41 AM

About 1.5 weeks ago I was watching some episodes of Family Guy online from a "free" site that I have used many times before without any problems.  http://www.free-tv-video-online.me/  This site links to pages that are embeded to video files of other sites. As I said, I've used it many times with no problems. After watching 2 episodes, I clicked on a link to watch a third. As the page opened I noticed what appeared to be a pop-up or more accurately a pop-under. I thought it was strange because I had an autoupdated NIS 2012 and have pop-ups blocked by IE10.

I immediately noticed something was wrong. The NIS icon in the tray disappeared and the system went directly into a reboot cycle. After it rebooted NIS did NOT load. When I clicked on the icon to start up NIS my laptop BSOD'd. This was followed by many reboots manually and many BSOD's.

 
I tried all of the following attempts to repair.

I tried updating NIS and full scan in safe mode. No threats found, no improvements. After normal reboot the main control page of NIS would not load. Still getting BSOD.

Tried NPE with no threats found and still no improvements. NIS panel still wouldn't load.

Scanned with updated Spybot S&D. Threat found: Smitfraud-C.generic (C:\Windows\svchost.exe). Threat removed. No improvements and NIS panel still won't load.

Scanned with Malwarebytes. No threats detected. No improvements.

Scanned with Super Antispyware free edition. Detected some kind of problem with a gaming program (Hyperlobby client used for matchmaking for flight sim games) that was installed maybe 2 years? prior to this problem. I let it remove and fix this "problem" that it saw as a Trojan even though I know this program to be safe. Still no improvements. NIS main control panel will not load.


The BSOD errors were telling me that there was a BIOS memory cache problem. I downloaded the latest BIOS update from Toshiba for my laptop (ver. 1.70) and installed it.

I did a Windows control panel add/remove programs uninstall of NIS. I also used the Norton removal tool afterwards to make sure that all components were removed. I downloaded and installed the latest version of NIS using the Norton DL Mgr. Installation progressed normally all the way up to the point where it starts NIS and opens the control panel main of NIS then my pc BSOD'd.

After several attempts to install/repair NIS I finally got it to install cleanly and load. However, after a reboot and/or hibernate restart, NIS home control panel will not load. The only way I can get it to run a full scan is in Windows safe mode because any time you click on the tray icon or click on "Open NIS" from the start menu I either get a quick hourglass and nothing happens or nothing happens at all.

 

I have run Spybot S&D many times since and EVERY time it finds Smitfraud-C.generic (C:\Windows\svchost.exe) over and over again.

I have run Super AntiSpyware free many times with no threats found.

Malware Bytes is not compatible with the latest version of NIS.

I have run a full system scan with the latest version of NIS from Windows safe mode with no threats found.

 

I know this HAS to be a virus. I have never had a single problem before this event.

 

Here are my pc specs:

 

Toshiba Sattelite L675D

Windows 7 Home SP1

AMD Turion II P520 Dual Core 2.30 GHz

4.00 GB of Ram

64 bit OS

 

The following are copies of the blue screen reports that come up after it BSOD's and reboots:

 

Problem signature:   Problem Event Name: BlueScreen   OS Version: 6.1.7601.2.1.0.768.3   Locale ID: 1033

Additional information about the problem:   BCCode: a   BCP1: 0000000000000000   BCP2: 0000000000000002   BCP3: 0000000000000001   BCP4: FFFFF80003099F5E   OS Version: 6_1_7601   Service Pack: 1_0   Product: 768_1

Files that help describe the problem:   C:\Windows\Minidump\031813-36457-01.dmp   C:\Users\Doug\AppData\Local\Temp\WER-86081-0.sysda​ta.xml

Read our privacy statement online:   http://go.microsoft.com/fwlink/?linkid=104288&clci​d=0x0409

If the online privacy statement is not available, please read our privacy statement offline:   C:\windows\system32\en-US\erofflps.txt

_________________________________________

Problem signature:   Problem Event Name: BlueScreen   OS Version: 6.1.7601.2.1.0.768.3   Locale ID: 1033

Additional information about the problem:   BCCode: 1e   BCP1: FFFFFFFFC0000005   BCP2: FFFFFA8005089BB0   BCP3: 0000000000000000   BCP4: 000000007EFA8000   OS Version: 6_1_7601   Service Pack: 1_0   Product: 768_1

Files that help describe the problem:   C:\Windows\Minidump\031813-74381-01.dmp   C:\Users\Doug\AppData\Local\Temp\WER-120729-0.sysd​ata.xml

Read our privacy statement online:   http://go.microsoft.com/fwlink/?linkid=104288&clci​d=0x0409

If the online privacy statement is not available, please read our privacy statement offline:   C:\windows\system32\en-US\erofflps.txt

_____________________________________

Problem signature:   Problem Event Name: BlueScreen   OS Version: 6.1.7601.2.1.0.768.3   Locale ID: 1033

Additional information about the problem:   BCCode: 1e   BCP1: FFFFFFFFC0000005   BCP2: FFFFF8000307026B   BCP3: 0000000000000000   BCP4: 000000007EFA0000   OS Version: 6_1_7601   Service Pack: 1_0   Product: 768_1

Files that help describe the problem:   C:\Windows\Minidump\031813-70652-01.dmp   C:\Users\Doug\AppData\Local\Temp\WER-106860-0.sysd​ata.xml

Read our privacy statement online:   http://go.microsoft.com/fwlink/?linkid=104288&clci​d=0x0409

If the online privacy statement is not available, please read our privacy statement offline:   C:\windows\system32\en-US\erofflps.txt

__________________________________________________ 03/22/2013

Problem signature:   Problem Event Name: BlueScreen   OS Version: 6.1.7601.2.1.0.768.3   Locale ID: 1033

Additional information about the problem:   BCCode: 1e   BCP1: FFFFFFFFC0000005   BCP2: FFFFF800033D9CDA   BCP3: 0000000000000001   BCP4: 0000000000000018   OS Version: 6_1_7601   Service Pack: 1_0   Product: 768_1

Files that help describe the problem:   C:\Windows\Minidump\032213-60450-01.dmp   C:\Users\Doug\AppData\Local\Temp\WER-121696-0.sysd​ata.xml

Read our privacy statement online:   http://go.microsoft.com/fwlink/?linkid=104288&clci​d=0x0409

If the online privacy statement is not available, please read our privacy statement offline:   C:\windows\system32\en-US\erofflps.txt

--------------------------------------------------​----------------------------------------------

Problem signature:   Problem Event Name: BlueScreen   OS Version: 6.1.7601.2.1.0.768.3   Locale ID: 1033

Additional information about the problem:   BCCode: 1e   BCP1: FFFFFFFFC0000005   BCP2: FFFFF8000305826B   BCP3: 0000000000000000   BCP4: 000000007EFA0000   OS Version: 6_1_7601   Service Pack: 1_0   Product: 768_1

Files that help describe the problem:   C:\Windows\Minidump\032413-81619-01.dmp   C:\Users\Doug\AppData\Local\Temp\WER-132304-0.sysd​ata.xml

Read our privacy statement online:   http://go.microsoft.com/fwlink/?linkid=104288&clci​d=0x0409

If the online privacy statement is not available, please read our privacy statement offline:   C:\windows\system32\en-US\erofflps.txt

--------------------------------------------------​-------------------

Problem signature:   Problem Event Name: BlueScreen   OS Version: 6.1.7601.2.1.0.768.3   Locale ID: 1033

Additional information about the problem:   BCCode: 1e   BCP1: FFFFFFFFC0000005   BCP2: FFFFF800033C7CDA   BCP3: 0000000000000001   BCP4: 0000000000000018   OS Version: 6_1_7601   Service Pack: 1_0   Product: 768_1

Files that help describe the problem:   C:\Windows\Minidump\032413-21512-01.dmp   C:\Users\Doug\AppData\Local\Temp\WER-46082-0.sysda​ta.xml

Read our privacy statement online:   http://go.microsoft.com/fwlink/?linkid=104288&clci​d=0x0409

If the online privacy statement is not available, please read our privacy statement offline:   C:\windows\system32\en-US\erofflps.txt

 

I have a copy of the file C:\Users\Doug\AppData\Local\Temp\WER-105456-0.sysd​ata.xml which was one of the first records saved.

 

****I know this kinda sucks to put this in like this, but at some point Norton or another program found another virus Alueron or something, but I lost the information with everything that is going on. Sorry. I wish I could add more info on that. It's my belief that it was removed by the program that found it, but I'm not sure.*****

 

I am the point where I don't know what else to do. I was referred to here from the Norton community site. The problem still persists. Any help would be greatly appreciated.

 



BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:46 AM

Posted 26 March 2013 - 10:42 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png

  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply
  • Due to forum upgrade you may face issues posting the TDSSkiller log.Just last few lines of log is sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    esetsmartinstaller_enu.png

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log



#3 DougakaEasy

DougakaEasy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 26 March 2013 - 11:07 AM

11:55:47.0211 5176  ============================================================
11:55:47.0211 5176  Scan finished
11:55:47.0211 5176  ============================================================
11:55:47.0226 2548  Detected object count: 1
11:55:47.0226 2548  Actual detected object count: 1
11:56:18.0467 2548  \Device\Harddisk0\DR0\# - copied to quarantine
11:56:18.0467 2548  \Device\Harddisk0\DR0 - copied to quarantine
11:56:18.0545 2548  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:56:18.0545 2548  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:56:18.0545 2548  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:56:18.0561 2548  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:56:18.0561 2548  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:56:18.0561 2548  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:56:18.0561 2548  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:56:18.0561 2548  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:56:18.0576 2548  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:56:18.0576 2548  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:56:18.0576 2548  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:56:18.0576 2548  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:56:18.0623 2548  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:56:18.0623 2548  \Device\Harddisk0\DR0 - ok
11:56:19.0013 2548  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:58:15.0358 3656  Deinitialize success

 

If I understood the instructions correctly, I was to set Rootkit.Boot.Pihar.b to cure, correct? That's what it looked like in the pic. Also, at the end of the scan/cure NIS blocked an attack by tsk0008.dta Trojan.Malcol

Did I make a mistake?



#4 DougakaEasy

DougakaEasy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 26 March 2013 - 11:21 AM

rkill log

 

 

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
  127.0.0.1 100sexlinks.com

  20 out of 15345 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 03/26/2013 12:17:00 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)



#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:46 AM

Posted 26 March 2013 - 11:23 AM

Restart the PC and make sure to run TDSSkiller once again and post the new log.Post the log together with results from other scans.



#6 DougakaEasy

DougakaEasy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 26 March 2013 - 02:14 PM

Wow........way too many.

Sorry I didn't follow your instructions more thoroughly. I misunderstood. I did run TDSS 2 times originally and also just ran it a third time after I finished the other scans you requested. Here they all are:

 

TDSS scans

 

11:47:56.0825 7876  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:47:58.0034 7876  ============================================================
11:47:58.0034 7876  Current date / time: 2013/03/26 11:47:58.0034
11:47:58.0034 7876  SystemInfo:
11:47:58.0034 7876 
11:47:58.0034 7876  OS Version: 6.1.7601 ServicePack: 1.0
11:47:58.0034 7876  Product type: Workstation
11:47:58.0034 7876  ComputerName: UNDEADACE
11:47:58.0034 7876  UserName: Doug
11:47:58.0034 7876  Windows directory: C:\windows
11:47:58.0034 7876  System windows directory: C:\windows
11:47:58.0034 7876  Running under WOW64
11:47:58.0034 7876  Processor architecture: Intel x64
11:47:58.0034 7876  Number of processors: 2
11:47:58.0034 7876  Page size: 0x1000
11:47:58.0034 7876  Boot type: Normal boot
11:47:58.0034 7876  ============================================================
11:47:59.0817 7876  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:47:59.0833 7876  ============================================================
11:47:59.0833 7876  \Device\Harddisk0\DR0:
11:47:59.0833 7876  MBR partitions:
11:47:59.0833 7876  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D2E800
11:47:59.0833 7876  ============================================================
11:47:59.0849 7876  C: <-> \Device\Harddisk0\DR0\Partition1
11:47:59.0849 7876  ============================================================
11:47:59.0849 7876  Initialize success
11:47:59.0849 7876  ============================================================
11:48:40.0918 7176  Deinitialize success

 

11:55:47.0211 5176  ============================================================
11:55:47.0211 5176  Scan finished
11:55:47.0211 5176  ============================================================
11:55:47.0226 2548  Detected object count: 1
11:55:47.0226 2548  Actual detected object count: 1
11:56:18.0467 2548  \Device\Harddisk0\DR0\# - copied to quarantine
11:56:18.0467 2548  \Device\Harddisk0\DR0 - copied to quarantine
11:56:18.0545 2548  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:56:18.0545 2548  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:56:18.0545 2548  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:56:18.0561 2548  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:56:18.0561 2548  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:56:18.0561 2548  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:56:18.0561 2548  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:56:18.0561 2548  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:56:18.0576 2548  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:56:18.0576 2548  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:56:18.0576 2548  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:56:18.0576 2548  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:56:18.0623 2548  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:56:18.0623 2548  \Device\Harddisk0\DR0 - ok
11:56:19.0013 2548  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:58:15.0358 3656  Deinitialize success

 

12:00:05.0770 3540  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:00:05.0911 3540  ============================================================
12:00:05.0911 3540  Current date / time: 2013/03/26 12:00:05.0911
12:00:05.0911 3540  SystemInfo:
12:00:05.0911 3540 
12:00:05.0911 3540  OS Version: 6.1.7601 ServicePack: 1.0
12:00:05.0911 3540  Product type: Workstation
12:00:05.0911 3540  ComputerName: UNDEADACE
12:00:05.0911 3540  UserName: Doug
12:00:05.0911 3540  Windows directory: C:\windows
12:00:05.0911 3540  System windows directory: C:\windows
12:00:05.0911 3540  Running under WOW64
12:00:05.0911 3540  Processor architecture: Intel x64
12:00:05.0911 3540  Number of processors: 2
12:00:05.0911 3540  Page size: 0x1000
12:00:05.0911 3540  Boot type: Normal boot
12:00:05.0911 3540  ============================================================
12:00:07.0674 3540  BG loaded
12:00:08.0298 3540  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:00:08.0348 3540  ============================================================
12:00:08.0348 3540  \Device\Harddisk0\DR0:
12:00:08.0368 3540  MBR partitions:
12:00:08.0368 3540  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D2E800
12:00:08.0368 3540  ============================================================
12:00:08.0768 3540  C: <-> \Device\Harddisk0\DR0\Partition1
12:00:08.0768 3540  ============================================================
12:00:08.0768 3540  Initialize success
12:00:08.0768 3540  ============================================================
12:14:43.0628 3492  Deinitialize success

 

14:59:38.0820 3844  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:59:39.0335 3844  ============================================================
14:59:39.0335 3844  Current date / time: 2013/03/26 14:59:39.0335
14:59:39.0335 3844  SystemInfo:
14:59:39.0335 3844 
14:59:39.0335 3844  OS Version: 6.1.7601 ServicePack: 1.0
14:59:39.0335 3844  Product type: Workstation
14:59:39.0335 3844  ComputerName: UNDEADACE
14:59:39.0335 3844  UserName: Doug
14:59:39.0335 3844  Windows directory: C:\windows
14:59:39.0335 3844  System windows directory: C:\windows
14:59:39.0335 3844  Running under WOW64
14:59:39.0335 3844  Processor architecture: Intel x64
14:59:39.0335 3844  Number of processors: 2
14:59:39.0335 3844  Page size: 0x1000
14:59:39.0335 3844  Boot type: Normal boot
14:59:39.0335 3844  ============================================================
14:59:42.0050 3844  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:59:42.0050 3844  ============================================================
14:59:42.0050 3844  \Device\Harddisk0\DR0:
14:59:42.0050 3844  MBR partitions:
14:59:42.0050 3844  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D2E800
14:59:42.0050 3844  ============================================================
14:59:42.0096 3844  C: <-> \Device\Harddisk0\DR0\Partition1
14:59:42.0096 3844  ============================================================
14:59:42.0096 3844  Initialize success
14:59:42.0096 3844  ============================================================
14:59:57.0462 1776  Deinitialize success

 

15:03:41.0911 2348  ============================================================
15:03:41.0911 2348  Scan finished
15:03:41.0911 2348  ============================================================
15:03:41.0911 2708  Detected object count: 0
15:03:41.0911 2708  Actual detected object count: 0
15:04:15.0560 3668  Deinitialize success

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/26/2013 12:16:53 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
  127.0.0.1 100sexlinks.com

  20 out of 15345 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 03/26/2013 12:17:00 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

 

 

ESET Results

 

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm 
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm 
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm 
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm 
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm 
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.03.2013_11.51.23\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.03.2013_11.51.23\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.TJ trojan cleaned by deleting - quarantined
C:\Users\autorun.inf Win32/Ramnit.A virus cleaned by deleting - quarantined
C:\Users\Doug\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe multiple threats cleaned by deleting - quarantined
C:\Users\Doug\Documents\Backup\tools\7zip_installer_d3632641.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Doug\Documents\My Archives\Windows XP Pro SP3 - Activated\WXPVOL_EN.iso a variant of Win32/PSWTool.RAS.A application deleted - quarantined
 


 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by Doug on Tue 03/26/2013 at 14:40:04.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\kt_bho_dll.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\kt_bho.kettlebho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\kt_bho.kettlebho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2399412
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2786898
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

 

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted [File] C:\windows\svchost.exe  [Check for TDL4 Rootkit!]

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Doug\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Doug\appdata\locallow\conduit"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/26/2013 at 14:50:06.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



 


Edited by DougakaEasy, 26 March 2013 - 02:17 PM.


#7 DougakaEasy

DougakaEasy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 26 March 2013 - 04:39 PM

Is there anything more I should do? Is there a better antivirus / internet security program than Norton? I know that is mostly a matter of opinion in some circles, but I'd just as soon pay for something that would protect my pc better than NIS has than continue to pay good money for a program that was defeated fairly easy.



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:46 AM

Posted 26 March 2013 - 09:50 PM

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on the it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware
  • Please download AdwCleaner by Xplode onto your desktop.
  • Security softwares may flag it as malicious.This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply



  • Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log


 



#9 DougakaEasy

DougakaEasy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 27 March 2013 - 10:22 PM

Sorry it took so long to reply. Work ya know.  :wink:  Well here's all you requested......

 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Doug :: UNDEADACE [administrator]

3/27/2013 10:37:08 PM
mbam-log-2013-03-27 (22-37-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231418
Time elapsed: 19 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar  Version:05-03-2013
Ran by Doug (administrator) on 27-03-2013 at 23:01:05
Running from "C:\Users\Doug\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 15325 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : UndeadAce
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : UndeadAce

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : UndeadAce
   Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 00-26-4D-CB-9A-5A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d909:a6d3:e5eb:4674%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 26, 2013 5:32:38 PM
   Lease Expires . . . . . . . . . . : Sunday, May 04, 2149 5:32:17 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 318776909
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-B8-A9-A0-88-AE-1D-4C-4A-DC
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 88-AE-1D-4C-4A-DC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.UndeadAce:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {ED1800DC-AA7C-4260-B995-E1963E8533C8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : UndeadAce
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3cea:ed0:bbc4:1f40(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3cea:ed0:bbc4:1f40%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{34DDDB42-9820-4B3F-827A-6F11CD45B0C9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server: 
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4002:802::1004
   173.194.37.39
   173.194.37.34
   173.194.37.37
   173.194.37.46
   173.194.37.36
   173.194.37.33
   173.194.37.41
   173.194.37.38
   173.194.37.40
   173.194.37.35
   173.194.37.32


Pinging google.com [173.194.37.78] with 32 bytes of data:
Reply from 173.194.37.78: bytes=32 time=41ms TTL=54
Reply from 173.194.37.78: bytes=32 time=28ms TTL=54

Ping statistics for 173.194.37.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 41ms, Average = 34ms
Server: 
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=110ms TTL=49
Reply from 206.190.36.45: bytes=32 time=110ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 110ms, Maximum = 110ms, Average = 110ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 26 4d cb 9a 5a ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
 10...88 ae 1d 4c 4a dc ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.4    281
      192.168.2.4  255.255.255.255         On-link       192.168.2.4    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6ab8:3cea:ed0:bbc4:1f40/128
                                    On-link
 11    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::3cea:ed0:bbc4:1f40/128
                                    On-link
 11    281 fe80::d909:a6d3:e5eb:4674/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/27/2013 10:53:25 PM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher


System errors:
=============
Error: (03/27/2013 10:31:53 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

Error: (03/27/2013 11:10:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.


Microsoft Office Sessions:
=========================
Error: (03/27/2013 10:53:25 PM) (Source: TestWorker)(User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher


=========================== Installed Programs ============================

Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Amazon Links (Version: 2.02)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Battlelog Web Plugins (Version: 1.140.0)
Belkin Setup and Router Monitor
Black and White
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full Existing (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full New (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Light (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Common (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0315.1050.17562)
Catalyst Control Center Localization All (Version: 2010.0315.1050.17562)
CCC Help Chinese Standard (Version: 2010.0315.1049.17562)
CCC Help Chinese Traditional (Version: 2010.0315.1049.17562)
CCC Help Czech (Version: 2010.0315.1049.17562)
CCC Help Danish (Version: 2010.0315.1049.17562)
CCC Help Dutch (Version: 2010.0315.1049.17562)
CCC Help English (Version: 2010.0315.1049.17562)
CCC Help Finnish (Version: 2010.0315.1049.17562)
CCC Help French (Version: 2010.0315.1049.17562)
CCC Help German (Version: 2010.0315.1049.17562)
CCC Help Greek (Version: 2010.0315.1049.17562)
CCC Help Hungarian (Version: 2010.0315.1049.17562)
CCC Help Italian (Version: 2010.0315.1049.17562)
CCC Help Japanese (Version: 2010.0315.1049.17562)
CCC Help Korean (Version: 2010.0315.1049.17562)
CCC Help Norwegian (Version: 2010.0315.1049.17562)
CCC Help Polish (Version: 2010.0315.1049.17562)
CCC Help Portuguese (Version: 2010.0315.1049.17562)
CCC Help Russian (Version: 2010.0315.1049.17562)
CCC Help Spanish (Version: 2010.0315.1049.17562)
CCC Help Swedish (Version: 2010.0315.1049.17562)
CCC Help Thai (Version: 2010.0315.1049.17562)
CCC Help Turkish (Version: 2010.0315.1049.17562)
ccc-core-static (Version: 2010.0315.1050.17562)
ccc-utility64 (Version: 2010.0315.1050.17562)
Comcast Desktop Software (v1.2.0.9) (Version: 23)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Desktop Doctor (Version: 2.5.5)
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Google Chrome (Version: 25.0.1364.172)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
HTC Driver Installer (Version: 2.0.7.018)
HTC Sync (Version: 2.0.40)
IL-2 Sturmovik 1946 (Version: 1.00.0000)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Web Access S/MIME (Version: 6.5.7651.60)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Nero 12 (Version: 12.0.02000)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp (Version: 12.0.2001)
Nero BackItUp Help (CHM) (Version: 12.0.3000)
Nero Blu-ray Player (Version: 12.0.14300)
Nero Blu-ray Player Help (CHM) (Version: 12.0.4000)
Nero Burning ROM (Version: 12.0.20000)
Nero Burning ROM Help (CHM) (Version: 12.0.3000)
Nero ControlCenter (Version: 11.0.15200)
Nero ControlCenter Help (CHM) (Version: 12.0.5000)
Nero Core Components (Version: 11.0.18100)
Nero Disc Menus Basic (Version: 12.0.11500)
Nero Effects Basic (Version: 12.0.11500)
Nero Express (Version: 12.0.20000)
Nero Express Help (CHM) (Version: 12.0.5000)
Nero Kwik Media (Version: 1.18.18200)
Nero Kwik Media Help (CHM) (Version: 12.0.4000)
Nero Kwik Themes Basic (Version: 12.0.11500)
Nero PiP Effects Basic (Version: 12.0.11500)
Nero Recode (Version: 12.0.24000)
Nero Recode Help (CHM) (Version: 12.0.4000)
Nero RescueAgent (Version: 12.0.9000)
Nero RescueAgent Help (CHM) (Version: 12.0.3000)
Nero SharedVideoCodecs (Version: 1.0.12100.2.0)
Nero Update (Version: 11.0.11800.31.0)
Nero Video (Version: 12.0.3000)
Nero Video Help (CHM) (Version: 12.0.4000)
Norton Internet Security (Version: 20.3.0.36)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PowerISO (Version: 4.7)
Prerequisite installer (Version: 12.0.0002)
Quickbooks Financial Center (Version: 2.02)
QuickTime (Version: 7.72.80.56)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.5992)
Realtek High Definition Audio Driver (Version: 6.0.1.6069)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Realtek WLAN Driver (Version: 2.00.0012)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.6.1014)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
TOSHIBA Application Installer (Version: 9.0.1.0)
TOSHIBA Assist (Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA eco Utility (Version: 1.2.11.64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.6C)
TOSHIBA Hardware Setup (Version: 1.63.0.21C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Laptop Checkup (Version: 2.0.3.198)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.5.10)
Toshiba Online Backup (Version: 1.2.0.38)
TOSHIBA PC Health Monitor (Version: 1.6.0.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Supervisor Password (Version: 1.63.0.9C)
TOSHIBA Value Added Package (Version: 1.3.3.64)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
ToshibaRegistration (Version: 1.0.4)
Total Video Converter 3.71 100812
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Utility Common Driver (Version: 1.0.52.1C)
VLC media player 2.0.5 (Version: 2.0.5)
Welcome App (Start-up experience) (Version: 12.0.14000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
WModem Driver Installer (Version: 2.0.6.9)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3835.68 MB
Available physical RAM: 1944.8 MB
Total Pagefile: 7669.55 MB
Available Pagefile: 5547.81 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.91 MB

========================= Partitions: =====================================

1 Drive c: (TI105838W0G) (Fixed) (Total:286.59 GB) (Free:180.84 GB) NTFS

========================= Users: ========================================

User accounts for \\UNDEADACE

Administrator            Doug                     Guest                   


**** End of log ****


Farbar Service Scanner Version: 03-03-2013
Ran by Doug (administrator) on 27-03-2013 at 23:08:45
Running from "C:\Users\Doug\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


# AdwCleaner v2.115 - Logfile created 03/27/2013 at 23:11:16
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Doug - UNDEADACE
# Boot Mode : Normal
# Running from : C:\Users\Doug\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Partner Service

***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2001 octets] - [27/03/2013 23:10:51]
AdwCleaner[S1].txt - [1974 octets] - [27/03/2013 23:11:16]

########## EOF - C:\AdwCleaner[S1].txt - [2034 octets] ##########


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "00TCrdMain" "TOSHIBA Flash Cards" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "HSON" "HotStartOn" "TOSHIBA Corporation" "c:\program files\toshiba\tbs\hson.exe"
+ "RtHDVBg" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SmoothView" "SmoothView" "TOSHIBA Corporation" "c:\program files\toshiba\smoothview\smoothview.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosVolRegulator" " Toshiba Volume Regulator" "TOSHIBA Corporation" "c:\program files\toshiba\tosvolregulator\tosvolregulator.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HWSetup" "HWSetup" "TOSHIBA Electronics, Inc." "c:\program files\toshiba\utilities\hwsetup.exe"
+ "InstaLAN" "" "Affinegy, Inc." "c:\program files (x86)\belkin\router setup and monitor\belkinroutermonitor.exe"
+ "KeNotify" "KeNotify MFC Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\kenotify.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "SVPWUTIL" "SVPWUTIL Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\svpwutil.exe"
"C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2010 Screen Clipper and Launcher.lnk" "Microsoft OneNote Quick Launcher" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files (x86)\google\chrome\application\25.0.1364.172\installer\chrmstp.exe"
+ "Internet Explorer" "" "" "File not found: C:\windows\system32\ie4uinit.exe"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu64.dll"
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\x64\neroshellext.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security

\engine64\20.3.0.36\navshext.dll"
+ "TVCShellExt" "TVCShellExt Module" "" "c:\program files (x86)\total video converter\tvcshellextx64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu.dll"
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\neroshellext.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\x64\neroshellext.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\neroshellext.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security

\engine64\20.3.0.36\navshext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 12\nero backitup\nbshell.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "NBShellHook.6.0" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 12\nero backitup\nbshell.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office

\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office

\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office

\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\coieplg.dll"
+ "Norton Vulnerability Protection" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\ips\ipsbho.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in " "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\coieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Messenger Companion (Ctrl+Shift+C)" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe

\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows

media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "\Norton Internet Security\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\symerr.exe"
+ "\Norton Internet Security\Norton Error Processor" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\symerr.exe"
+ "\Norton WSC Integration" "WSCStub" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\wscstub.exe"
+ "\scvhost" "" "" "File not found: \\.\globalroot\Device\HarddiskVolume2\Windows\scvhost.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "\thpm5466142515532903469" "" "" "File not found: \\.\globalroot\Device\HarddiskVolume2\Users\Doug\AppData\Local\Temp\thpm5466142515532903469.tmp"
+ "\thpm6175815688012314335" "" "" "File not found: \\.\globalroot\Device\HarddiskVolume2\Users\Doug\AppData\Local\Temp\thpm6175815688012314335.tmp"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:

\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AffinegyService" "Affinegy Mobility Management support" "Affinegy, Inc." "c:\program files (x86)\belkin\router setup and monitor\belkinservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\groove.exe"
+ "NIS" "Norton Internet Security" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\ccsvchst.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files

(x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared

\officesoftwareprotectionplatform\osppsvc.exe"
+ "PCCUJobMgr" "Job Manager service for common client services" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.3.198\ccsvchst.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files (x86)\spybot - search & destroy\sdwinsec.exe"
+ "sprtsvc_ddoctorv2" "SupportSoft Sprocket Service" "SupportSoft, Inc." "c:\program files (x86)\comcast\desktop doctor\bin\sprtsvc.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files

\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows

media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "AgereSoftModem" "SoftModem Device Driver" "LSI Corp" "c:\windows\system32\drivers\agrsm64.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atipmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Stor Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiPcie" "AMD PCIE Filter Driver for ATI PCIE chipset" "Advanced Micro Devices Inc." "c:\windows\system32\drivers\atipcie.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\bashdefs

\20130322.001\bhdrvx64.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "ccSet_NIS" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\ccsetx64.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudbus.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "HTCAND64" "ADB Interface" "HTC, Corporation" "c:\windows\system32\drivers\androidusb.sys"
+ "HtcUsbMdmV64" "USB Modem/Serial Device Driver" "QUALCOMM Incorporated" "c:\windows\system32\drivers\htcusbmdmv64.sys"
+ "HtcVCom32" "USB Modem/Serial Device Driver" "QUALCOMM Incorporated" "c:\windows\system32\drivers\htcvcomv64.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\ipsdefs

\20130327.001\idsvia64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "LPCFilter" "LPCFilter" "COMPAL ELECTRONIC INC." "c:\windows\system32\drivers\lpcfilter.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\virusdefs\20130327.018\eng64.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\virusdefs\20130327.018\ex64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "RTHDMIAzAudService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rthdmivx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt64win7.sys"
+ "rtl8192se" "Realtek RTL81892SE NDIS Driverr" "Realtek Semiconductor Corporation                           " "c:\windows\system32\drivers\rtl8192se.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "SCDEmu" "PowerISO Virtual Drive" "PowerISO Computing, Inc." "c:\windows\system32\drivers\scdemu.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\srtsp64.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\srtspx64.sys"
+ "ssudmdm" "SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudmdm.sys"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\symds64.sys"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\symefa64.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\ironx64.sys"
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\symnets.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver for x64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\syswow64\ff_vfw.dll"
+ "vidc.XVID" "" "" "c:\windows\syswow64\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AC3Filter" "ac3filter" "" "c:\program files (x86)\total video converter\ac3filter.cpl"
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "FLV Source Filter" "FLV Source Filter" "SWiSHzone.com Pty Ltd" "c:\program files (x86)\total video converter\flv.ax"
+ "Image Effects" "TimeStam Dynamic Link Library" "" "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MPV Decoder Filter" "MPEG-1/2 Decoder Filter for DirectShow" "Gabest" "c:\program files (x86)\total video converter\mpeg2decfilter.ax"
+ "QTSrc" "CLQTSrc" "Cyberlink" "c:\program files (x86)\total video converter\quicktime.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files (x86)\total video converter\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files (x86)\total video converter\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files (x86)\total video converter\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files (x86)\total video converter\realmediasplitter.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\syswow64\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port  Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"



#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:46 AM

Posted 27 March 2013 - 10:24 PM

Adware cleaner and farbar service scanner logs?

 

Autoruns log is incomplete.



#11 DougakaEasy

DougakaEasy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 27 March 2013 - 10:39 PM

sorry, I could've sworn I included those....

 

Farbar Service Scanner Version: 03-03-2013
Ran by Doug (administrator) on 27-03-2013 at 23:08:45
Running from "C:\Users\Doug\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

# AdwCleaner v2.115 - Logfile created 03/27/2013 at 23:10:51
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Doug - UNDEADACE
# Boot Mode : Normal
# Running from : C:\Users\Doug\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : Partner Service

***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1878 octets] - [27/03/2013 23:10:51]

########## EOF - C:\AdwCleaner[R1].txt - [1938 octets] ##########

 

 

This is all of the file autoruns saves in its entirety

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "00TCrdMain" "TOSHIBA Flash Cards" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "HSON" "HotStartOn" "TOSHIBA Corporation" "c:\program files\toshiba\tbs\hson.exe"
+ "RtHDVBg" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SmoothView" "SmoothView" "TOSHIBA Corporation" "c:\program files\toshiba\smoothview\smoothview.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosVolRegulator" " Toshiba Volume Regulator" "TOSHIBA Corporation" "c:\program files\toshiba\tosvolregulator\tosvolregulator.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HWSetup" "HWSetup" "TOSHIBA Electronics, Inc." "c:\program files\toshiba\utilities\hwsetup.exe"
+ "InstaLAN" "" "Affinegy, Inc." "c:\program files (x86)\belkin\router setup and monitor\belkinroutermonitor.exe"
+ "KeNotify" "KeNotify MFC Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\kenotify.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "SVPWUTIL" "SVPWUTIL Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\svpwutil.exe"
"C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2010 Screen Clipper and Launcher.lnk" "Microsoft OneNote Quick Launcher" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files (x86)\google\chrome\application\25.0.1364.172\installer\chrmstp.exe"
+ "Internet Explorer" "" "" "File not found: C:\windows\system32\ie4uinit.exe"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu64.dll"
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\x64\neroshellext.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\20.3.0.36\navshext.dll"
+ "TVCShellExt" "TVCShellExt Module" "" "c:\program files (x86)\total video converter\tvcshellextx64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu.dll"
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\neroshellext.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\x64\neroshellext.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\neroshellext.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\20.3.0.36\navshext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 12\nero backitup\nbshell.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "NBShellHook.6.0" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 12\nero backitup\nbshell.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\coieplg.dll"
+ "Norton Vulnerability Protection" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\ips\ipsbho.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in " "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\coieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Messenger Companion (Ctrl+Shift+C)" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "\Norton Internet Security\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\symerr.exe"
+ "\Norton Internet Security\Norton Error Processor" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\symerr.exe"
+ "\Norton WSC Integration" "WSCStub" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\wscstub.exe"
+ "\scvhost" "" "" "File not found: \\.\globalroot\Device\HarddiskVolume2\Windows\scvhost.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "\thpm5466142515532903469" "" "" "File not found: \\.\globalroot\Device\HarddiskVolume2\Users\Doug\AppData\Local\Temp\thpm5466142515532903469.tmp"
+ "\thpm6175815688012314335" "" "" "File not found: \\.\globalroot\Device\HarddiskVolume2\Users\Doug\AppData\Local\Temp\thpm6175815688012314335.tmp"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AffinegyService" "Affinegy Mobility Management support" "Affinegy, Inc." "c:\program files (x86)\belkin\router setup and monitor\belkinservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\groove.exe"
+ "NIS" "Norton Internet Security" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\ccsvchst.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "PCCUJobMgr" "Job Manager service for common client services" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.3.198\ccsvchst.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files (x86)\spybot - search & destroy\sdwinsec.exe"
+ "sprtsvc_ddoctorv2" "SupportSoft Sprocket Service" "SupportSoft, Inc." "c:\program files (x86)\comcast\desktop doctor\bin\sprtsvc.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "AgereSoftModem" "SoftModem Device Driver" "LSI Corp" "c:\windows\system32\drivers\agrsm64.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atipmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Stor Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiPcie" "AMD PCIE Filter Driver for ATI PCIE chipset" "Advanced Micro Devices Inc." "c:\windows\system32\drivers\atipcie.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\bashdefs\20130322.001\bhdrvx64.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "ccSet_NIS" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\ccsetx64.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudbus.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "HTCAND64" "ADB Interface" "HTC, Corporation" "c:\windows\system32\drivers\androidusb.sys"
+ "HtcUsbMdmV64" "USB Modem/Serial Device Driver" "QUALCOMM Incorporated" "c:\windows\system32\drivers\htcusbmdmv64.sys"
+ "HtcVCom32" "USB Modem/Serial Device Driver" "QUALCOMM Incorporated" "c:\windows\system32\drivers\htcvcomv64.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\ipsdefs\20130327.001\idsvia64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "LPCFilter" "LPCFilter" "COMPAL ELECTRONIC INC." "c:\windows\system32\drivers\lpcfilter.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\virusdefs\20130327.018\eng64.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\virusdefs\20130327.018\ex64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "RTHDMIAzAudService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rthdmivx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt64win7.sys"
+ "rtl8192se" "Realtek RTL81892SE NDIS Driverr" "Realtek Semiconductor Corporation                           " "c:\windows\system32\drivers\rtl8192se.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "SCDEmu" "PowerISO Virtual Drive" "PowerISO Computing, Inc." "c:\windows\system32\drivers\scdemu.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\srtsp64.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\srtspx64.sys"
+ "ssudmdm" "SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudmdm.sys"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\symds64.sys"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\symefa64.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\ironx64.sys"
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\symnets.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver for x64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\syswow64\ff_vfw.dll"
+ "vidc.XVID" "" "" "c:\windows\syswow64\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AC3Filter" "ac3filter" "" "c:\program files (x86)\total video converter\ac3filter.cpl"
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "FLV Source Filter" "FLV Source Filter" "SWiSHzone.com Pty Ltd" "c:\program files (x86)\total video converter\flv.ax"
+ "Image Effects" "TimeStam Dynamic Link Library" "" "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MPV Decoder Filter" "MPEG-1/2 Decoder Filter for DirectShow" "Gabest" "c:\program files (x86)\total video converter\mpeg2decfilter.ax"
+ "QTSrc" "CLQTSrc" "Cyberlink" "c:\program files (x86)\total video converter\quicktime.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files (x86)\total video converter\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files (x86)\total video converter\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files (x86)\total video converter\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files (x86)\total video converter\realmediasplitter.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\syswow64\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port  Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"
 



#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:46 AM

Posted 27 March 2013 - 10:44 PM

.


Edited by narenxp, 27 March 2013 - 10:49 PM.


#13 DougakaEasy

DougakaEasy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 27 March 2013 - 10:44 PM

I have in the past, not recently, turned off programs from the startup msconfig.

 

Also, if I haven't said it before, thanks for taking time out of your day to work on a problem that has absolutely nothing to do with or benefit you. You guys are awesome and deserve much, much more praise and gratitude than I can express. Thanks so very, very much for all of it!



#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:46 AM

Posted 27 March 2013 - 10:49 PM

This is happening due to forum upgrade.Launch Adware cleaner and click on DELETE
 
Remove temporary and junk files

Download Temp file cleaner from HERE.Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode
 

Create a new restore point

Follow this guide to turn off and turn on your restore points

Windows XP

Vista & windows 7

Windows 8

Turn off your system restore-It deletes old infected restore points.Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old versions of java and flash player from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/ & http://www.adobe.com/support/flashplayer/downloads.html

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentialsor Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

Best Practices for Safe Computing - Prevention of Malware Infection

Simple and easy ways to keep your computer safe and secure on the Internet


Safe surfing :)



#15 DougakaEasy

DougakaEasy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 27 March 2013 - 10:52 PM

Ok, most of the links you posted didn't load up as hyper links, but I'm sure I can find my way to them. However, I would like those suggestions of antivirus programs that didn't show. I'll install the latest java and flash right away.

 

Thanks again you guys! You deserve so much more praise and thanks than these simple words can say!

 

:bananas:  :guitar:  :thumbup2:  :thumbsup2:  B)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users