
Another victim of Privitise VPN here....


9 replies to this topic

#1 Bokkman


Posted 03 April 2013 - 03:48 AM

Hello,

 

A few hours ago I was looking for torrents, downloaded a file from The Pirate Bay and the file installed Privitise VPN and a handful of other nasties. After deciding that I didn't actually need PVPN, I removed it using the Windows 7 uninstaller tool (along with a bunch of other unrecognised items). I found my browser home page had been changed, so I changed it back.

Then I ran a basic Malwarebytes scan. It came up with 11 items quarantined, which I removed then restarted my machine.

When I opened my web browser, I noticed a 5 second lag - blank white screen (as if it was trying to load), and the address bar had something mentioning 'searchou.com.....' and that sent alarm bells ringing.

I currently have a full Microsoft Security Essentials scan running, however after a quick Google search I found this is a popular topic over the last few days.

I did read with interest this post -> http://forums.malwarebytes.org/index.php?showtopic=124494 but I haven't undertaken any steps yet.

 

Your help would be much appreciated.

 




 


#2 narenxp


Posted 03 April 2013 - 06:08 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL

  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu

  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log


#3 Bokkman


Posted 04 April 2013 - 04:11 AM

TDSS and Rkill found nothing.

 

Ok, here we go.

 

 

TDSSKiller log (If you need more, let me know):

 

06:32:45.0880 3524 Scan finished

06:32:45.0895 3524 ============================================================

06:32:45.0911 3904 Detected object count: 0

06:32:45.0911 3904 Actual detected object count: 0

 

RKILL log:

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/04/2013 06:36:55 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Business\Desktop\rkill\rkill-04-04-2013-06-36-58.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/04/2013 06:37:10 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

 

ESET log:

 

C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Program Files (x86)\MagniPic\sprotector.dll a variant of Win32/SProtector.A application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\MagniPic\uninstall.exe Win32/SProtector.B application cleaned by deleting - quarantined
C:\Users\Business\AppData\Local\Google\Chrome\User Data\Default\Extensions\akcobjkeebpaiofbkaclbdkcnffmimih\1\515be88d778e83.75827838.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Business\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpiadkanckgddfijmkbleoehbdhihahp\1\515be70dd621f3.83393336.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Business\AppData\Local\Temp\jar_cache1003729926509368591.tmp Java/Exploit.CVE-2012-0507.Z trojan cleaned by deleting - quarantined
C:\Users\Business\AppData\Local\Temp\nsm71BA.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Business\AppData\Roaming\Mozilla\Firefox\Profiles\n936ajd4.default\extensions\staged\vuaeyyaa@q-yyeoya.org\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Business\AppData\Roaming\Mozilla\Firefox\Profiles\n936ajd4.default\extensions\ycckua@st-oiu.org\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Business\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/Bunndle application cleaned by deleting - quarantined


Junkware removal tool log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows 7 Home Premium x64
Ran by Business on Thu 04/04/2013 at 21:36:57.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

 

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
Successfully deleted: [Registry Key] hkey_current_user\software\startsearch
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\sprotector
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\sp global
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\sprotector
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

 

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\clsoft ltd"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Program Files (x86)\magnipic"
Successfully deleted: [Empty Folder] C:\Users\Business\appdata\local\{99BF8130-3480-4647-874E-BF0F78090D48}

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Business\AppData\Roaming\mozilla\firefox\profiles\n936ajd4.default\user.js
Successfully deleted: [File] C:\Users\Business\AppData\Roaming\mozilla\firefox\profiles\n936ajd4.default\searchplugins\privitize.xml
Successfully deleted: [Folder] C:\Users\Business\AppData\Roaming\mozilla\firefox\profiles\n936ajd4.default\extensions\staged
Successfully deleted the following from C:\Users\Business\AppData\Roaming\mozilla\firefox\profiles\n936ajd4.default\prefs.js

user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("browser.startup.homepage", "hxxp://searchou.com/?id=80d71d7d000000000000e0ca94babd9a");
user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n  \"google\" : {\n    \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n    \"rankometer\
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "orgnl");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.excTlbr", true);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=80d71d7d000000000000e0ca94babd9a");
user_pref("extensions.privitize.hpOld0", "hxxp://amazon.smart-search.com/websearch/ref=bit_bds-y47_serp_ff_us_display?ie=UTF8&tagbase=bds-y47&tbrId=v1_bds-y47_95b4b96c512d45ea
user_pref("extensions.privitize.id", "80d71d7d000000000000e0ca94babd9a");
user_pref("extensions.privitize.instlDay", "15798");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=80d71d7d000000000000e0ca94babd9a");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=80d71d7d000000000000e0ca94babd9a");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=80d71d7d000000000000e0ca94babd9a&q=");
user_pref("extensions.privitize.vrsn", "1.8.16.22");
user_pref("extensions.privitize.vrsnTs", "1.8.16.2220:47:32");
user_pref("extensions.privitize.vrsni", "1.8.16.22");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/04/2013 at 21:58:58.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Just a note that ESET did take ages (4-5 hours) to complete, and I am not sure that it removed (should have?) anything it found. I think there was an option to delete the nasties, but I followed your instructions very carefully.
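As an added example (not part of the original thread, and not how JRT itself is implemented), the sketch below triages a Firefox `prefs.js` the way the JRT log above implies: it flags navigation preferences and extension preferences that carry URLs to untrusted hosts, then lists every other preference in the same extension namespace. The sample lines are constructed from pref names and hosts visible in the log, with the ID replaced by a placeholder; the `trusted_hosts` parameter and function names are assumptions.

```python
import re

# Firefox prefs that control where the browser lands on start, new tab or
# address-bar search (names as used by 2013-era Firefox).
NAVIGATION_PREFS = {"browser.startup.homepage", "browser.newtab.url", "keyword.URL"}

PREF_LINE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')
# Accept live and defanged schemes, since logs are often posted with hxxp://.
URL_HOST = re.compile(r'\bh(?:tt|xx)ps?://([^/\s"?#:]+)', re.IGNORECASE)

# Constructed sample: pref names and hosts mirror the JRT log, the id is a
# placeholder, and one line is cut short the way two lines in the log are.
SAMPLE_PREFS = r'''user_pref("browser.startup.homepage", "hxxp://searchou.com/?id=EXAMPLEID");
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=EXAMPLEID");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=EXAMPLEID");
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hpOld0", "hxxp://amazon.smart-search.com/websearch/ref=bit_bds
user_pref("browser.download.dir", "C:\\Users\\Example\\Downloads");
user_pref("browser.newtab.url", "about:newtab");
'''


def parse_prefs(text):
    """Return (prefs, unparsed): name -> raw value, plus lines that are cut off."""
    prefs, unparsed = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("user_pref("):
            continue
        match = PREF_LINE.match(line)
        if match:
            prefs[match.group(1)] = match.group(2)
        else:
            # Truncated or malformed entry: keep it for manual review.
            unparsed.append(line)
    return prefs, unparsed


def hosts_in(value):
    """Hosts of every http/https/hxxp URL found in a pref value."""
    return sorted({host.lower() for host in URL_HOST.findall(value)})


def find_hijacks(text, trusted_hosts=frozenset()):
    """Flag navigation and extension prefs whose URLs leave the trusted set."""
    prefs, unparsed = parse_prefs(text)
    findings = []
    for name, value in prefs.items():
        untrusted = [h for h in hosts_in(value) if h not in trusted_hosts]
        if not untrusted:
            continue
        if name in NAVIGATION_PREFS:
            reason = "navigation pref points at untrusted host"
        elif name.startswith("extensions."):
            reason = "extension pref carries untrusted URL"
        else:
            continue  # other prefs routinely hold vendor URLs
        findings.append((name, untrusted, reason))
    return findings, unparsed


def related_prefs(text, findings):
    """All prefs sharing an 'extensions.<addon>' namespace with a finding."""
    namespaces = {
        ".".join(name.split(".")[:2])
        for name, _, _ in findings
        if name.startswith("extensions.")
    }
    prefs, _ = parse_prefs(text)
    return sorted(
        n for n in prefs if any(n.startswith(ns + ".") for ns in namespaces)
    )


if __name__ == "__main__":
    found, cut_off = find_hijacks(SAMPLE_PREFS)
    for name, hosts, reason in found:
        print(f"{name}: {', '.join(hosts)} ({reason})")
    print("same add-on namespace:", related_prefs(SAMPLE_PREFS, found))
    print("needs manual review:", len(cut_off), "truncated line(s)")
```

Boolean settings such as `extensions.privitize.hmpg` carry no URL, which is why the namespace pass matters: it groups them with the add-on whose URL prefs were flagged.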



#4 narenxp


Posted 04 April 2013 - 08:02 AM

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware
  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply



Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log


 



#5 Bokkman


Posted 05 April 2013 - 12:00 AM

Hi narenxp,

 

Here we go -

 

Malwarebytes log:

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Business :: BUSINESS-P [administrator]

5/04/2013 5:29:09 p.m.
mbam-log-2013-04-05 (17-29-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219824
Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

MiniToolBox log:

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Business (administrator) on 05-04-2013 at 17:41:55
Running from "C:\Users\Business\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Wireless Network Connection" nexthop=192.168.0.1 metric=1 publish=Yes
add address name="Wireless Network Connection" address=192.168.0.150 mask=255.255.255.0


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Business-P
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : E0-CA-94-BA-BD-9A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-6C-ED-DA-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : E0-CA-94-BA-BD-9A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a96e:f5e8:90d9:c04%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.150(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 249612948
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-E5-7E-90-E0-CA-94-BA-BD-9A
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{D30F6E56-7631-48BE-9CBD-CFB7B895B4B1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3073:36c2:8339:30c8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3073:36c2:8339:30c8%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2404:6800:4006:801::1000
   74.125.237.97
   74.125.237.98
   74.125.237.99
   74.125.237.100
   74.125.237.101
   74.125.237.102
   74.125.237.103
   74.125.237.104
   74.125.237.105
   74.125.237.110
   74.125.237.96


Pinging google.com [74.125.237.41] with 32 bytes of data:
Reply from 74.125.237.41: bytes=32 time=50ms TTL=52
Reply from 74.125.237.41: bytes=32 time=50ms TTL=52

Ping statistics for 74.125.237.41:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 50ms, Maximum = 50ms, Average = 50ms
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=202ms TTL=48
Reply from 206.190.36.45: bytes=32 time=215ms TTL=48

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 202ms, Maximum = 215ms, Average = 208ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...e0 ca 94 ba bd 9a ......Microsoft Virtual WiFi Miniport Adapter
 12...00 26 6c ed da 79 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
 11...e0 ca 94 ba bd 9a ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.150     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.150    281
    192.168.0.150  255.255.255.255         On-link     192.168.0.150    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.150    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.150    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.150    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6ab8:3073:36c2:8339:30c8/128
                                    On-link
 11    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::3073:36c2:8339:30c8/128
                                    On-link
 11    281 fe80::a96e:f5e8:90d9:c04/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/05/2013 05:21:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2013 01:03:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/04/2013 10:17:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/05/2013 07:21:06 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/04/2013 10:15:25 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (04/05/2013 05:21:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2013 01:03:31 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/04/2013 10:17:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-01-18 21:27:03.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-18 20:34:14.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-18 19:53:16.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-18 19:52:37.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-18 19:50:03.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-18 19:49:41.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-18 19:48:39.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-18 19:48:29.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-18 19:45:46.270
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-18 19:23:35.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29420)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader X (10.1.6) (Version: 10.1.6)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0405.2205.37728)
AMD Media Foundation Decoders (Version: 1.0.70405.2224)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD VISION Engine Control Center (Version: 2012.0405.2205.37728)
Angry Birds Seasons (Version: 3.1.1)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ARMA 2 Army of The Czech Republic - Data cache removal
Arma 2: British Armed Forces
ARMA 2: British Armed Forces - Data cache removal
Arma 2: DayZ Mod
Arma 2: Operation Arrowhead Beta
Arma 2: Private Military Company
ARMA 2: Private Military Company - Data cache removal
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
BattlEye for OA Uninstall
BattlEye Uninstall
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728)
Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728)
Catalyst Control Center Localization All (Version: 2012.0405.2205.37728)
CCC Help English (Version: 2012.0405.2204.37728)
ccc-utility64 (Version: 2012.0405.2205.37728)
Conexant HD Audio (Version: 8.54.1.0)
Curse Client (Version: 5.1.1.584)
D3DX10 (Version: 15.4.2368.0902)
DayZ Commander (Version: 0.92.69)
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)
Fallout: New Vegas
Final Media Player 2012
FrostWire 5.5.5 (Version: 5.5.5.0)
Google Chrome (Version: 26.0.1410.43)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
iRip (Version: 1.1.0)
iTunes (Version: 11.0.2.26)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Logitech Gaming Software 8.35 (Version: 8.35.18)
MagniPic (Version: 1.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Primary Interoperability Assemblies 2005 (Version: 9.0.21022)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PC Connectivity Solution (Version: 8.15.0.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Portforward Static IP Address 1.0.47 (Version: 1.0.47)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)
Realtek WLAN Driver (Version: 2.00.0016)
Samsung Mobile phone USB driver Drive Software
Samsung New PC Studio (Version: 1.00.0000)
Samsung New PC Studio USB Driver Installer (Version: 1.00.0000)
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.15.0)
Sid Meier's Civilization V
Skype Click to Call (Version: 6.6.11664)
Skype™ 6.1 (Version: 6.1.129)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
StuffIt Expander 2011 (Version: 15.0.1.17)
System Requirements Lab CYRI (Version: 5.0.6.0)
TOSHIBA ConfigFree (Version: 8.0.35)
TOSHIBA Disc Creator (Version: 2.1.0.4 for x64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Hardware Setup (Version: 2.00.14)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA Media Controller (Version: 1.0.80.8.64)
TOSHIBA Recovery Media Creator (Version: 2.1.0.5 for x64)
TOSHIBA ReelTime (Version: 1.7.16.64)
TOSHIBA Service Station (Version: 2.1.45)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.07)
TOSHIBA Value Added Package (Version: 1.3.22.64)
TOSHIBA Web Camera Application (Version: 2.0.1.1)
TOSHIBA Wireless LAN Indicator (Version: 1.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VLC media player 2.0.5 (Version: 2.0.5)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
World of Tanks
World of Warcraft (Version: 5.2.0.16769)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 3686.87 MB
Available physical RAM: 2382.6 MB
Total Pagefile: 7371.92 MB
Available Pagefile: 5927.82 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.29 MB

========================= Partitions: =====================================

1 Drive c: (S3A8666D006) (Fixed) (Total:286.04 GB) (Free:109.23 GB) NTFS

========================= Users: ========================================

User accounts for \\BUSINESS-P

Administrator            Business                 Guest                   


**** End of log ****

 

Farbar's Service Scanner log:

 

Farbar Service Scanner Version: 03-03-2013
Ran by Business (administrator) on 05-04-2013 at 17:44:00
Running from "C:\Users\Business\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

AdwCleaner log:

 

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 17:46:06
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Business - BUSINESS-P
# Boot Mode : Normal
# Running from : C:\Users\Business\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Alexa Internet
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Found : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Found : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Found : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Business\AppData\Roaming\Mozilla\Firefox\Profiles\n936ajd4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Business\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2707 octets] - [05/04/2013 17:46:06]

########## EOF - C:\AdwCleaner[R1].txt - [2767 octets] ##########

 

Autoruns log:

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "14/07/2009 5:49 p.m."
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "13/03/2013 7:01 a.m."
+ "00TCrdMain" "TOSHIBA Flash Cards" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe" "8/05/2010 7:44 p.m."
+ "ETDCtrl" "ETD Control Center" "ELAN Microelectronics Corp." "c:\program files\elantech\etdctrl.exe" "11/11/2010 5:28 a.m."
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe" "29/07/2011 2:24 p.m."
+ "Launch LCore" "Logitech Gaming Framework" "Logitech Inc." "c:\program files\logitech gaming software\lcore.exe" "24/07/2012 1:26 p.m."
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe" "25/01/2013 8:57 p.m."
+ "SmartAudio" "SmartAudio CPL (32bit)" "Conexant Systems, Inc." "c:\program files\conexant\saii\sacpl.exe" "14/06/2012 8:58 a.m."
+ "SmartFaceVWatcher" "SmartFaceVWatcher" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevwatcher.exe" "19/10/2009 10:24 p.m."
+ "SmoothView" "SmoothView" "TOSHIBA Corporation" "c:\program files\toshiba\smoothview\smoothview.exe" "28/07/2009 6:37 p.m."
+ "TosReelTimeMonitor" "Monitor of TOSHIBA ReelTime" "TOSHIBA Corporation" "c:\program files\toshiba\reeltime\tosreeltimemonitor.exe" "9/07/2010 11:29 p.m."
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe" "5/02/2010 9:43 p.m."
+ "TosVolRegulator" " Toshiba Volume Regulator" "TOSHIBA Corporation" "c:\program files\toshiba\tosvolregulator\tosvolregulator.exe" "11/11/2009 6:35 p.m."
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe" "28/09/2010 4:32 p.m."
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "5/04/2013 5:48 p.m."
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "3/12/2012 8:34 p.m."
+ "AMD AVT" "" "" "File not found: AMD Accelerated Video Transcoding device initialization" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" "16/11/2012 3:18 p.m."
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe" "21/02/2013 9:10 a.m."
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" "6/04/2012 2:54 p.m."
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "3/03/2011 3:52 p.m."
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14/07/2009 12:58 p.m."
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "3/03/2011 3:52 p.m."
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files (x86)\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" "22/03/2013 9:35 a.m."
+ "Internet Explorer" "" "" "File not found: C:\windows\system32\ie4uinit.exe" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "14/07/2009 12:42 p.m."
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "3/04/2013 9:57 p.m."
+ "(Default)" "" "" "File not found: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" ""
+ "KiesAirMessage" "" "" "File not found: C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" ""
+ "KiesPreload" "" "" "File not found: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" ""
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe" "13/05/2008 7:14 a.m."
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "14/07/2009 5:53 p.m."
+ "video/mp4" "MIME Video Detector for IE" "Advanced Micro Devices" "c:\program files\amd\steadyvideo\videomimefilter.dll" "21/05/2011 4:40 a.m."
+ "video/x-flv" "MIME Video Detector for IE" "Advanced Micro Devices" "c:\program files\amd\steadyvideo\videomimefilter.dll" "21/05/2011 4:40 a.m."
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" "" "14/07/2009 5:53 p.m."
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll" "31/01/2013 11:31 p.m."
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "14/07/2009 5:53 p.m."
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "25/01/2013 8:57 p.m."
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "14/07/2009 5:53 p.m."
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "15/12/2012 9:52 a.m."
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "14/07/2009 5:53 p.m."
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "25/01/2013 8:57 p.m."
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "14/07/2009 5:53 p.m."
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll" "6/04/2012 2:56 p.m."
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "14/07/2009 2:32 p.m."
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "14/07/2009 5:53 p.m."
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll" "14/07/2009 2:09 p.m."
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "3/03/2011 4:24 p.m."
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "" "File not found: C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll" ""
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "3/03/2011 4:24 p.m."
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "19/12/2012 2:02 a.m."
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Apache Software Foundation" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll" "11/08/2012 3:51 a.m."
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "3/03/2011 4:24 p.m."
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "15/12/2012 9:52 a.m."
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "5/04/2013 5:49 p.m."
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll" "8/12/2012 12:02 p.m."
+ "Skype add-on for Internet Explorer" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll" "31/01/2013 11:31 p.m."
+ "SteadyVideoBHO Class" "This plugin allows the user to turn AMD SteadyVideo on or off when video is detected on the web." "Advanced Micro Devices" "c:\program files\amd\steadyvideo\steadyvideo.dll" "14/02/2012 7:32 a.m."
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll" "22/09/2010 10:47 a.m."
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "5/04/2013 5:52 p.m."
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll" "19/12/2012 1:32 a.m."
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll" "8/12/2012 12:15 p.m."
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\oracle\javafx 2.1 runtime\bin\jp2ssv.dll" "6/07/2012 10:21 a.m."
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\oracle\javafx 2.1 runtime\bin\ssv.dll" "6/07/2012 10:22 a.m."
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll" "31/01/2013 11:38 p.m."
+ "SteadyVideoBHO Class" "This plugin allows the user to turn AMD SteadyVideo on or off when video is detected on the web." "Advanced Micro Devices" "c:\program files (x86)\amd\steadyvideo\steadyvideo.dll" "14/02/2012 7:32 a.m."
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll" "22/09/2010 10:01 a.m."
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll" "23/09/2010 8:12 p.m."
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "13/03/2013 7:01 a.m."
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll" "8/12/2012 12:02 p.m."
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "13/03/2013 7:01 a.m."
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll" "8/12/2012 12:15 p.m."
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "13/03/2013 7:01 a.m."
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll" "31/01/2013 11:31 p.m."
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "13/03/2013 7:01 a.m."
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll" "23/09/2010 8:12 p.m."
+ "Messenger Companion (Ctrl+Shift+C)" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll" "23/09/2010 8:12 p.m."
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll" "31/01/2013 11:38 p.m."
"Task Scheduler" "" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "1/03/2013 3:40 p.m."
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe" "2/06/2011 1:46 p.m."
+ "\ConfigFree Startup Programs" "ConfigFree Task Tray Menu" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\configfree\ndstray.exe" "3/06/2010 8:03 p.m."
+ "\Final Media Player Update Checker" "Bitberry Software Update Checker" "Bitberry Software" "c:\program files (x86)\finalmediaplayer\fmpcheckforupdates.exe" "12/03/2011 2:24 a.m."
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "9/03/2010 7:10 p.m."
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "9/03/2010 7:10 p.m."
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe" "25/01/2013 8:56 p.m."
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll" "23/09/2010 8:12 p.m."
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "11/06/2009 9:36 a.m."
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "14/07/2009 1:24 p.m."
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe" "29/07/2011 2:24 p.m."
"HKLM\System\CurrentControlSet\Services" "" "" "" "15/02/2013 8:13 p.m."
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "3/12/2012 8:34 p.m."
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "1/03/2013 3:40 p.m."
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe" "8/06/2011 2:54 p.m."
+ "AMD FUEL Service" "Provides FUEL Functionality" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe" "6/04/2012 2:57 p.m."
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe" "18/05/2012 4:06 p.m."
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "31/08/2011 6:52 p.m."
+ "cfWiMAXService" "This is WiMAX Control Service of ConfigFree. Please do not stop this servce when you are using ConfigFree with Intel WiMAX device." "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\configfree\cfiwmxsvcs64.exe" "28/01/2010 8:42 p.m."
+ "ConfigFree Service" "You can't stop this service, if you want to keep ConfigFree functionality fine." "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\configfree\cfsvcs.exe" "6/03/2009 9:32 p.m."
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files (x86)\windows live\family safety\fsssvc.exe" "23/09/2010 8:16 p.m."
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "9/03/2010 7:10 p.m."
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "9/03/2010 7:10 p.m."
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe" "3/03/2012 10:13 a.m."
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe" "21/02/2013 9:10 a.m."
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe" "14/07/2012 11:40 a.m."
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe" "25/01/2013 8:55 p.m."
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe" "25/01/2013 8:56 p.m."
+ "ServiceLayer" "ServiceLayer Module" "Nokia." "c:\program files (x86)\pc connectivity solution\servicelayer.exe" "7/04/2008 7:17 p.m."
+ "Skype C2C Service" "Skype Click to Call Update Service" "Skype Technologies S.A." "c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe" "31/01/2013 11:38 p.m."
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "9/01/2013 1:55 a.m."
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe" "19/05/2012 9:39 a.m."
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe" "2/07/2010 6:51 a.m."
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe" "20/10/2010 6:10 p.m."
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe" "28/09/2010 4:32 p.m."
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe" "5/02/2010 9:43 p.m."
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "14/07/2009 2:29 p.m."
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe" "22/09/2010 10:46 a.m."
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "21/11/2010 12:18 a.m."
"HKLM\System\CurrentControlSet\Services" "" "" "" "15/02/2013 8:13 p.m."
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "6/12/2008 12:54 p.m."
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "2/05/2007 6:30 a.m."
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "28/02/2007 1:04 p.m."
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "14/07/2009 12:19 p.m."
+ "amd_sata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_sata.sys" "5/11/2010 12:52 p.m."
+ "amd_xata" "Stor Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_xata.sys" "5/11/2010 12:52 p.m."
+ "amdiox64" "AMD IO Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdiox64.sys" "19/02/2010 4:17 a.m."
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys" "8/06/2011 2:49 p.m."
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys" "8/06/2011 2:16 p.m."
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "19/03/2010 1:45 p.m."
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "21/03/2009 7:36 a.m."
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "20/03/2010 5:18 a.m."
+ "androidusb" "ADB Interface" "Google Inc" "c:\windows\system32\drivers\ssadadb.sys" "15/01/2009 10:27 a.m."
+ "AODDriver4.1" "AMD OverDrive Service Driver" "Advanced Micro Devices" "c:\program files\ati technologies\ati.ace\fuel\amd64\aoddriver2.sys" "6/03/2012 10:55 p.m."
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "25/05/2007 10:27 a.m."
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "15/01/2009 8:27 a.m."
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "14/02/2009 11:18 a.m."
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "27/04/2009 12:14 a.m."
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "7/08/2006 2:51 p.m."
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "7/08/2006 2:51 p.m."
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "7/08/2006 2:51 p.m."
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "7/08/2006 2:51 p.m."
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "7/08/2006 2:51 p.m."
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "10/08/2006 1:11 a.m."
+ "BVRPMPR5a64" "BVRP NDIS 5.0 MPR Protocol Driver" "Avanquest Software" "c:\windows\system32\drivers\bvrpmpr5a64.sys" "22/02/2007 6:56 a.m."
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "14/07/2009 12:19 p.m."
+ "CnxtHdAudService" "64-bit High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt64.sys" "14/02/2011 5:42 p.m."
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "1/01/2009 5:29 a.m."
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "4/02/2009 11:52 a.m."
+ "ETD" "ETD Kernel Center" "ELAN Microelectronics Corp." "c:\windows\system32\drivers\etd.sys" "11/11/2010 5:10 p.m."
+ "FwLnk" "TOSHIBA Firmware Linkage 64-bit Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\fwlnk.sys" "7/07/2009 1:51 p.m."
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys" "4/05/2012 8:56 a.m."
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "11/05/2009 9:26 p.m."
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "21/04/2010 7:32 a.m."
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "11/06/2010 1:46 p.m."
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "14/12/2005 10:47 a.m."
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys" "20/04/2011 10:24 p.m."
+ "LGBusEnum" "Logitech WingMan Virtual Bus Enumerator Driver" "Logitech Inc." "c:\windows\system32\drivers\lgbusenum.sys" "24/11/2009 2:36 p.m."
+ "LGSHidFilt" "Logitech Gaming HID Filter Driver." "Logitech Inc." "c:\windows\system32\drivers\lgshidfilt.sys" "8/02/2012 2:12 a.m."
+ "LGVirHid" "Logitech GamePanel Virtual Hid Device Driver" "Logitech Inc." "c:\windows\system32\drivers\lgvirhid.sys" "24/11/2009 2:36 p.m."
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "10/12/2008 11:46 a.m."
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "19/05/2009 1:20 p.m."
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "19/05/2009 1:31 p.m."
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "17/04/2009 11:13 a.m."
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "19/05/2009 2:09 p.m."
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "19/05/2009 2:25 p.m."
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "7/06/2006 10:11 a.m."
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "20/03/2010 9:59 a.m."
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "20/03/2010 9:45 a.m."
+ "pccsmcfd" "PCCS Mode Change Filter Driver" "Nokia" "c:\windows\system32\drivers\pccsmcfdx64.sys" "18/09/2007 1:53 a.m."
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys" "17/01/2011 3:09 p.m."
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "23/01/2009 12:05 p.m."
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "19/05/2009 2:18 p.m."
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys" "22/09/2010 2:47 p.m."
+ "RTL8192Ce" "Realtek RTL81892CE NDIS Driverr" "Realtek Semiconductor Corporation                           " "c:\windows\system32\drivers\rtl8192ce.sys" "5/01/2011 5:50 a.m."
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "14/09/2006 2:18 a.m."
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "25/09/2008 7:28 a.m."
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "2/10/2008 10:56 a.m."
+ "ssadbus" "SAMSUNG Android USB Composite Device Driver" "MCCI Corporation" "c:\windows\system32\drivers\ssadbus.sys" "13/05/2011 2:06 a.m."
+ "ssadmdfl" "SAMSUNG Android USB Modem (Filter)" "MCCI Corporation" "c:\windows\system32\drivers\ssadmdfl.sys" "13/05/2011 2:08 a.m."
+ "ssadmdm" "SAMSUNG Android USB Modem Drivers" "MCCI Corporation" "c:\windows\system32\drivers\ssadmdm.sys" "13/05/2011 2:08 a.m."
+ "ssadserd" "SAMSUNG Android USB Diagnostic Serial Port (WDM)" "MCCI Corporation" "c:\windows\system32\drivers\ssadserd.sys" "13/05/2011 2:09 a.m."
+ "sscdbus" "SAMSUNG USB Composite Device Driver" "MCCI Corporation" "c:\windows\system32\drivers\sscdbus.sys" "11/11/2010 10:37 a.m."
+ "sscdmdfl" "SAMSUNG Mobile Modem Filter" "MCCI Corporation" "c:\windows\system32\drivers\sscdmdfl.sys" "11/11/2010 10:41 a.m."
+ "sscdmdm" "SAMSUNG Mobile Modem Drivers" "MCCI Corporation" "c:\windows\system32\drivers\sscdmdm.sys" "11/11/2010 10:41 a.m."
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "18/02/2009 12:03 p.m."
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys" "30/07/2009 9:39 p.m."
+ "TFsExDisk" "TFsExDisk" "" "File not found: C:\windows\System32\Drivers\TFsExDisk.sys" ""
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys" "14/07/2009 3:19 p.m."
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys" "28/11/2012 12:38 p.m."
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "14/07/2009 12:19 p.m."
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "31/01/2009 2:18 p.m."
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "15/02/2013 10:05 p.m."
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "14/07/2009 2:28 p.m."
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "5/04/2013 5:48 p.m."
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "14/07/2009 2:06 p.m."
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "21/11/2010 12:59 a.m."
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "14/07/2009 5:53 p.m."
+ "AMD MJPEG Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "6/04/2012 2:55 p.m."
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "6/04/2012 2:55 p.m."
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "6/04/2012 2:55 p.m."
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "6/04/2012 2:55 p.m."
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "6/04/2012 2:55 p.m."
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "6/04/2012 2:55 p.m."
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "6/04/2012 2:55 p.m."
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "6/04/2012 2:55 p.m."
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll" "23/04/2009 10:11 p.m."
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll" "23/04/2009 10:11 p.m."
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll" "19/10/2009 10:24 p.m."
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "14/07/2009 5:53 p.m."
+ "AMD MJPEG Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "6/04/2012 2:50 p.m."
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "6/04/2012 2:50 p.m."
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "6/04/2012 2:50 p.m."
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "6/04/2012 2:50 p.m."
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "6/04/2012 2:50 p.m."
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "6/04/2012 2:50 p.m."
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax" "6/04/2012 2:54 p.m."
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "6/04/2012 2:50 p.m."
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "6/04/2012 2:50 p.m."
+ "Avi Source" "" "" "File not found: C:\Program Files (x86)\iriver\iriver plus 3\plugins\AviSF.dll" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "23/09/2010 8:28 p.m."
+ "FunUnify Async Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax" "10/04/2009 2:59 p.m."
+ "FunUnify Audio Trnas Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax" "10/04/2009 2:59 p.m."
+ "FunUnify Codec Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax" "10/04/2009 2:59 p.m."
+ "FunUnify Encoder Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax" "10/04/2009 2:59 p.m."
+ "FunUnify Video Trans Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax" "10/04/2009 2:59 p.m."
+ "Image Effects" "TimeStam Dynamic Link Library" "TOSHIBA CORPORATION." "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll" "8/02/2011 11:56 p.m."
+ "KTF MUSIC AoD Sourcer" "KTF MUSIC AoD Sourcer" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsasrc.dll" "8/07/2008 6:29 p.m."
+ "KTF MUSIC AoD WMT Splitter" "KTF MUSIC AoD WMT Splitter" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsawms.dll" "8/07/2008 6:23 p.m."
+ "KTF MUSIC Audio Decoder" "KTF MUSIC Audio Decoder" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsadec.dll" "8/07/2008 6:20 p.m."
+ "KTF MUSIC Audio Effector" "KTF MUSIC Audio Effector" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsaef.dll" "8/07/2008 6:22 p.m."
+ "KTF MUSIC MPEG Splitter" "KTF MUSIC MPEG Splitter" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsmpgs.dll" "8/07/2008 6:24 p.m."
+ "KTF MUSIC VoD Audio Effector" "KTF MUSIC VoD Audio Effector" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvae.dll" "8/07/2008 9:23 p.m."
+ "KTF MUSIC VoD Sourcer" "KTF MUSIC VoD Sourcer" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvsrc.dll" "8/07/2008 10:15 p.m."
+ "KTF MUSIC VoD Video Effector" "KTF MUSIC VoD Video Effector" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvve.dll" "8/07/2008 9:19 p.m."
+ "KTF MUSIC VoD WMT Splitter" "KTF MUSIC VoD WMT Splitter " "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvwms.dll" "8/07/2008 9:26 p.m."
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" "6/04/2012 2:55 p.m."
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" "6/04/2012 2:55 p.m."
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" "6/04/2012 2:55 p.m."
+ "Moto Image Decoder Filter" "image filter" "mobileleader" "c:\program files (x86)\samsung\samsung new pc studio\npsimgfilter.ax" "28/11/2008 6:39 p.m."
+ "Ogg Multiplexer" "" "" "File not found: C:\Program Files (x86)\iriver\iriver plus 3\plugins\OggDS.dll" ""
+ "Ogg Splitter" "" "" "File not found: C:\Program Files (x86)\iriver\iriver plus 3\plugins\OggDS.dll" ""
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "23/09/2010 8:28 p.m."
+ "SubPicture Filter" "subpicture filter" "mobileleader" "c:\program files (x86)\samsung\samsung new pc studio\npssubpicture.dll" "12/03/2009 2:06 p.m."
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax" "9/02/2006 9:34 p.m."
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax" "16/03/2005 4:46 a.m."
+ "Vorbis Decoder" "" "" "File not found: C:\Program Files (x86)\iriver\iriver plus 3\plugins\OggDS.dll" ""
+ "Vorbis Encoder" "" "" "File not found: C:\Program Files (x86)\iriver\iriver plus 3\plugins\OggDS.dll" ""
+ "Windows Media Video Decoder" "Windows Media Video Decoder" "Microsoft Corporation" "c:\program files (x86)\samsung\samsung new pc studio\wmvds32.ax" "29/04/2000 6:01 a.m."
+ "Windows Media Video Decoder" "Windows Media Video Decoder V8" "Microsoft Corporation" "c:\program files (x86)\samsung\samsung new pc studio\wmv8ds32.ax" "2/03/2001 5:27 a.m."
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "23/09/2010 8:28 p.m."
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "23/09/2010 8:28 p.m."
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "23/09/2010 8:28 p.m."
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "23/09/2010 8:28 p.m."
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "23/09/2010 8:28 p.m."
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "23/09/2010 8:28 p.m."
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "14/07/2009 5:53 p.m."
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll" "19/10/2009 10:25 p.m."
+ "tosWirelessLANIndicatorCP" "Credential Provider Dll for TOSHIBA Wireless LAN Indicator" "TOSHIBA CORPORATION" "c:\windows\system32\toswirelesslanindicatorcp.dll" "17/02/2011 8:40 p.m."
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll" "22/09/2010 10:47 a.m."
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "15/03/2012 7:20 p.m."
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll" "31/08/2011 6:44 p.m."
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "22/09/2010 10:00 a.m."
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "22/09/2010 10:00 a.m."
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "15/03/2012 7:20 p.m."
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "31/08/2011 6:53 p.m."
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "22/09/2010 10:45 a.m."
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "22/09/2010 10:45 a.m."
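A way to triage an Autoruns text export like the one posted above, written as an added example that is not part of the original post and is not the Autoruns tool's own code. It assumes the five-column quoted layout visible in the log (entry name, description, publisher, image path, timestamp) and flags the two things a reviewer scans such a log for after an adware removal: autostart entries whose file is gone, and entries with no publisher. The function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# Sample rows copied from the Autoruns export in this thread (not the full log).
SAMPLE_LOG = r'''
"Task Scheduler" "" "" "" ""
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "9/03/2010 7:10 p.m."
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "11/06/2009 9:36 a.m."
"HKLM\System\CurrentControlSet\Services" "" "" "" "15/02/2013 8:13 p.m."
+ "TFsExDisk" "TFsExDisk" "" "File not found: C:\windows\System32\Drivers\TFsExDisk.sys" ""
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe" "20/10/2010 6:10 p.m."
'''

# Each column is wrapped in double quotes; empty columns appear as "".
FIELD = re.compile(r'"([^"]*)"')
MISSING_PREFIX = "file not found:"


@dataclass
class Entry:
    location: str      # autostart location the row was listed under
    name: str
    description: str
    publisher: str
    image_path: str
    timestamp: str


def parse_autoruns(text):
    """Parse the quoted five-column export into Entry objects.

    Rows that start with a quote are location headers; rows that start
    with a marker such as '+' are entries under the most recent header.
    """
    entries = []
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = FIELD.findall(line)
        if len(fields) != 5:
            continue  # not a row in the expected layout, skip it
        if line.startswith('"'):
            location = fields[0]
            continue
        entries.append(Entry(location, *fields))
    return entries


def triage(entries):
    """Return (reason, entry) pairs that deserve a manual look.

    'missing-file': the autostart entry points at a file that no longer
                    exists (an orphan left behind by an uninstall or removal).
    'no-publisher': the file exists but carries no publisher string.
    Neither is proof of malware; both are cues for review.
    """
    findings = []
    for entry in entries:
        if entry.image_path.lower().startswith(MISSING_PREFIX):
            findings.append(("missing-file", entry))
        elif not entry.publisher.strip():
            findings.append(("no-publisher", entry))
    return findings


def format_finding(reason, entry):
    """One-line summary suitable for pasting into a reply."""
    path = entry.image_path
    if reason == "missing-file":
        path = path[len(MISSING_PREFIX):].strip()
    return f"[{reason}] {entry.location} -> {entry.name} ({path})"


if __name__ == "__main__":
    for reason, entry in triage(parse_autoruns(SAMPLE_LOG)):
        print(format_finding(reason, entry))
```

A row with no publisher is not malicious in itself (the GatherNetworkInfo script in the sample ships with Windows), so the output is a shortlist for review rather than a verdict.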
 



#6 narenxp


Posted 05 April 2013 - 01:05 AM

You did not remove the entries detected by Adware cleaner.

 

Restart the PC and let me know if you have any issues



#7 Bokkman


Posted 05 April 2013 - 01:46 AM

Sorry about that.

Some of your instructions have to be read multiple times as some functions you mention are not the same on some of the tools you want me to run.

 

Here is the log after adwcleaner is 'run' (search button?)

 

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 19:39:55
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Business - BUSINESS-P
# Boot Mode : Normal
# Running from : C:\Users\Business\Desktop\Logs\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Business\AppData\Roaming\Mozilla\Firefox\Profiles\n936ajd4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Business\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1017 octets] - [05/04/2013 19:32:13]
AdwCleaner[R3].txt - [890 octets] - [05/04/2013 19:39:55]
AdwCleaner[S1].txt - [2840 octets] - [05/04/2013 17:47:15]
AdwCleaner[S2].txt - [1078 octets] - [05/04/2013 19:32:46]

########## EOF - C:\AdwCleaner[R3].txt - [1069 octets] ##########

 

Here is the log after 'delete' button is pressed:

 

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 19:41:00
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Business - BUSINESS-P
# Boot Mode : Normal
# Running from : C:\Users\Business\Desktop\Logs\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Business\AppData\Roaming\Mozilla\Firefox\Profiles\n936ajd4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Business\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1017 octets] - [05/04/2013 19:32:13]
AdwCleaner[R3].txt - [1138 octets] - [05/04/2013 19:39:55]
AdwCleaner[S1].txt - [2840 octets] - [05/04/2013 17:47:15]
AdwCleaner[S2].txt - [1078 octets] - [05/04/2013 19:32:46]
AdwCleaner[S3].txt - [1070 octets] - [05/04/2013 19:41:00]

########## EOF - C:\AdwCleaner[S3].txt - [1130 octets] ##########



#8 narenxp


Posted 05 April 2013 - 01:50 AM

Restart the PC and let me know if you have any issues



#9 Bokkman


Posted 05 April 2013 - 01:55 AM

Ever since Malwarebytes removed a bunch last night (before you asked me to), I haven't noticed my browser being hijacked (which was the only symptom I experienced and what prompted me to come here for help).

I'm confident that whatever it was, has gone, and also maybe a handful of other hidden ones were picked up as well.

 

Thanks for your help.



#10 narenxp


Posted 05 April 2013 - 02:17 AM

That looks good

Remove temporary and junk files

Download Temp file cleaner from HERE. Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.
 

Create a new restore point

Follow this guide to turn off and turn on your restore points

Windows XP

Vista & windows 7

Windows 8

Turn off your system restore - it deletes old infected restore points. Turn on system restore and create a new restore point.

Update JAVA and Flash player

Uninstall old versions of Java and Flash Player from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/ & http://www.adobe.com/support/flashplayer/downloads.html

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

Best Practices for Safe Computing - Prevention of Malware Infection

Simple and easy ways to keep your computer safe and secure on the Internet


Safe surfing :)





