
C:\Windows\svchost.ext Trojan.Agent


10 replies to this topic

#1 dzig


Posted 05 April 2013 - 05:13 PM

I was referred here from Norton Internet Security Forum to try and solve my NIS/malware problem. Basically the problem I started with was my NIS program window would open for 1-2 seconds then close, after that I was unable to open the program anymore. It seems to be running in the background but program window will not open.

  

Norton Internet Security 20.3.0.36
Windows 7 Professional
7601.18044.amd64fre.win7sp1_gdr.130104-1431
 

 

NIS Forum link (Shows history of what I have done so far)

http://community.norton.com/t5/Norton-Internet-Security-Norton/NIS-program-window-disappears-within-2-seconds-of-opening/td-p/937893

 

 Thank you for any help!





#2 dzig


Posted 05 April 2013 - 05:14 PM

Sorry title should be C:\Windows\svchost.exe not ext.



#3 narenxp


Posted 05 April 2013 - 11:47 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log

 



#4 dzig


Posted 06 April 2013 - 10:01 AM

TDSSKiller log:

07:50:49.0005 4452  Scan finished
07:50:49.0005 4452  ============================================================
07:50:49.0005 4444  Detected object count: 1
07:50:49.0005 4444  Actual detected object count: 1
07:51:00.0019 4444  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
07:51:00.0019 4444  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
07:51:33.0044 2096  Deinitialize success

 

 

RKILL log:

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/06/2013 07:56:29 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/06/2013 07:56:33 AM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

 

 

ESET log:

C:\Users\Darin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VDUVKUP\winamp563_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Darin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RI1I7VFW\ApnToolbarInstaller[1].exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

 

 

Junkware removal tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Professional x64
Ran by Darin on 06-Apr-13 at  8:47:40.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"

 

~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
Failed to delete [File] C:\Windows\svchost.exe  [Check for TDL4 Rootkit!]

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06-Apr-13 at  8:56:07.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 


 



#5 narenxp


Posted 07 April 2013 - 02:02 AM

Run TDSSkiller again and select CURE for

 

07:51:00.0019 4444  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

 

Restart the PC, run TDSSkiller and make sure it comes out clean

 

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware
  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply



Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log
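
The "select Cure, restart, run TDSSKiller again and make sure it comes out clean" sequence above can be checked mechanically from the log tails. The following is an added example, not part of the original posts and not code from the TDSSKiller authors: the line layout is inferred only from the excerpts posted in this thread, only the Skip and Cure actions seen here are handled, and the state names are labels made up for this sketch.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Log tails copied from the three TDSSKiller runs posted in this thread
# (the TDLFS quarantine list is shortened to three entries).
RUN_SKIP = r"""
07:50:49.0005 4452  Scan finished
07:50:49.0005 4444  Detected object count: 1
07:50:49.0005 4444  Actual detected object count: 1
07:51:00.0019 4444  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
07:51:00.0019 4444  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
07:51:33.0044 2096  Deinitialize success
"""
RUN_CURE = r"""
09:07:40.0105 2764  Detected object count: 1
09:07:44.0894 2764  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
09:07:44.0925 2764  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
09:07:44.0925 2764  \Device\Harddisk0\DR0 - ok
09:07:44.0925 2764  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""
RUN_CLEAN = r"""
09:09:17.0691 3304  Scan finished
09:09:17.0691 3292  Detected object count: 0
09:09:17.0691 3292  Actual detected object count: 0
09:09:20.0267 2816  Deinitialize success
"""

# "<HH:MM:SS.mmmm> <thread id>  <message>" as seen in the posted excerpts.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
COUNT_RE = re.compile(r"^Detected object count:\s*(\d+)$")
OBJECT_RE = re.compile(
    r"^(?P<obj>\S.*?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+(?P<status>.+)$")
ACTION_RE = re.compile(r"^User select action:\s*(\w+)$")
TDLFS_RE = re.compile(r"^(\S+\\TDLFS\\\S+)\s+-\s+copied to quarantine$")


@dataclass
class ScanSummary:
    detected: Optional[int] = None  # None: count line missing (truncated log)
    # (object, verdict) -> action the user selected, None if none was logged
    findings: Dict[Tuple[str, str], Optional[str]] = field(default_factory=dict)
    pending_reboot: bool = False
    tdlfs_files: List[str] = field(default_factory=list)


def summarize(log_text: str) -> ScanSummary:
    """Reduce one TDSSKiller log tail to counts, findings and chosen actions."""
    s = ScanSummary()
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg").strip()
        count = COUNT_RE.match(msg)
        if count:
            s.detected = int(count.group(1))
            continue
        hidden = TDLFS_RE.match(msg)
        if hidden:  # file pulled out of the rootkit's hidden file system
            s.tdlfs_files.append(hidden.group(1))
            continue
        obj = OBJECT_RE.match(msg)
        if not obj:
            continue
        key = (obj.group("obj"), obj.group("verdict"))
        s.findings.setdefault(key, None)
        status = obj.group("status").strip()
        action = ACTION_RE.match(status)
        if action:
            s.findings[key] = action.group(1)
        elif status == "will be cured on reboot":
            s.pending_reboot = True
    return s


def state(s: ScanSummary) -> str:
    """Classify one run; a skipped or unanswered finding is never 'done'."""
    if s.detected is None:
        return "incomplete"
    if any(a in (None, "Skip") for a in s.findings.values()):
        return "unremediated"
    if s.pending_reboot:
        return "cure-pending-reboot"
    if s.findings:
        return "action-taken"
    return "clean" if s.detected == 0 else "unremediated"


def remediation_confirmed(logs: List[str]) -> Tuple[bool, List[str]]:
    """Confirmed only when the most recent run (after the reboot) is clean."""
    states = [state(summarize(text)) for text in logs]
    return (bool(states) and states[-1] == "clean", states)


if __name__ == "__main__":
    print(remediation_confirmed([RUN_SKIP, RUN_CURE, RUN_CLEAN]))
```

A run that ends in `cure-pending-reboot` is deliberately not treated as success, because the disk-level change is only applied at the next boot and has to be verified by a fresh scan.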

 



#6 dzig


Posted 07 April 2013 - 10:43 AM

Malwarebytes log:

09:07:40.0105 3380  Scan finished
09:07:40.0105 3380  ============================================================
09:07:40.0105 2764  Detected object count: 1
09:07:40.0105 2764  Actual detected object count: 1
09:07:44.0863 2764  \Device\Harddisk0\DR0\# - copied to quarantine
09:07:44.0879 2764  \Device\Harddisk0\DR0 - copied to quarantine
09:07:44.0894 2764  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
09:07:44.0894 2764  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
09:07:44.0894 2764  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
09:07:44.0910 2764  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
09:07:44.0925 2764  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
09:07:44.0925 2764  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
09:07:44.0925 2764  \Device\Harddisk0\DR0 - ok
09:07:44.0925 2764  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
09:07:46.0267 2140  Deinitialize success

 

AFTER REBOOT LOG:

09:09:17.0691 3304  Scan finished
09:09:17.0691 3304  ============================================================
09:09:17.0691 3292  Detected object count: 0
09:09:17.0691 3292  Actual detected object count: 0
09:09:20.0267 2816  Deinitialize success

 

 

 

 

 

MiniToolBox log:

MiniToolBox by Farbar  Version:05-03-2013
Ran by Darin (administrator) on 07-04-2013 at 09:19:10
Running from "C:\Users\Darin\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Darin-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.co.comcast.net.

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
   Physical Address. . . . . . . . . : 48-5B-39-0A-2F-5A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.co.comcast.net.
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 48-5B-39-0A-3E-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::594c:1552:dc3:f498%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.253(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, April 07, 2013 9:13:31 AM
   Lease Expires . . . . . . . . . . : Monday, April 08, 2013 9:13:30 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 239622969
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-3A-75-F0-48-5B-39-0A-3E-4C
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1464FF26-5FD1-4CDC-8F78-8CD35FCB6223}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.co.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2607:f8b0:400f:800::1004
   74.125.225.166
   74.125.225.174
   74.125.225.169
   74.125.225.164
   74.125.225.160
   74.125.225.161
   74.125.225.163
   74.125.225.162
   74.125.225.167
   74.125.225.168
   74.125.225.165


Pinging google.com [74.125.225.163] with 32 bytes of data:
Reply from 74.125.225.163: bytes=32 time=14ms TTL=56
Reply from 74.125.225.163: bytes=32 time=15ms TTL=56

Ping statistics for 74.125.225.163:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 15ms, Average = 14ms
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  206.190.36.45
   98.139.183.24
   98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=146ms TTL=51
Reply from 98.139.183.24: bytes=32 time=426ms TTL=51

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 146ms, Maximum = 426ms, Average = 286ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...48 5b 39 0a 2f 5a ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
 10...48 5b 39 0a 3e 4c ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.253     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.253    266
    192.168.0.253  255.255.255.255         On-link     192.168.0.253    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.253    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.253    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.253    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    266 fe80::/64                On-link
 10    266 fe80::594c:1552:dc3:f498/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134512] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134512] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/06/2013 10:44:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: iTunes.exe, version: 11.0.1.12, time stamp: 0x50c8fc7e
Faulting module name: PROPSYS.dll, version: 7.0.7601.17514, time stamp: 0x4ce7b983
Exception code: 0xc0000005
Fault offset: 0x000036d6
Faulting process id: 0x15bc
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3


System errors:
=============
Error: (04/07/2013 09:13:31 AM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (04/07/2013 09:12:38 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/07/2013 09:08:35 AM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (04/07/2013 09:07:46 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/07/2013 09:06:51 AM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (04/07/2013 09:05:53 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/06/2013 10:47:34 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (04/06/2013 10:44:36 AM) (Source: Application Error)(User: )
Description: iTunes.exe11.0.1.1250c8fc7ePROPSYS.dll7.0.7601.175144ce7b983c0000005000036d615bc01ce32e5c78b0f64C:\Program Files (x86)\iTunes\iTunes.exeC:\Windows\system32\PROPSYS.dll43acc3bd-9ed9-11e2-8a85-485b390a2f5a


=========================== Installed Programs ============================

Adobe AIR (Version: 3.3.0.3650)
Adobe Community Help (Version: 3.3.0)
Adobe Community Help (Version: 3.3.0.800)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.6) (Version: 10.1.6)
AI Suite (Version: 1.06.09)
Amazon Cloud Drive (Version: 1.10.00.0)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Amazon MP3 Uploader (Version: 1.0.8)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ASUSUpdate
ATI Catalyst Install Manager (Version: 3.0.812.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Stream SDK v2 Developer (Version: 2.3.0.0)
Audible Download Manager (Version: 6.6.0.15)
AudibleManager (Version: 2001878222.48.56.35458282)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0126.1749.31909)
Catalyst Control Center InstallProxy (Version: 2011.0126.1749.31909)
CCC Help English (Version: 2011.0126.1748.31909)
ccc-core-static (Version: 2011.0126.1749.31909)
ccc-utility64 (Version: 2011.0126.1749.31909)
Coupon Printer for Windows (Version: 5.0.0.1)
CrystalDiskInfo 4.0.1 (Version: 4.0.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
doubleTwist (Version: 3.2.2.17028)
Epson Copy Utility 3.5 (Version: 3.5.0.0)
Epson Event Manager (Version: 2.30.01)
EPSON Scan
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FileASSASSIN (Version: 1.06)
Garmin City Navigator North America NT 2012.40 Update (Version: 15.40.0.0)
Garmin Lifetime Updater (Version: 2.1.11)
Garmin POI Loader (Version: 2.5.4.0)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.5.5)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.135)
Intel® Matrix Storage Manager
IrfanView (remove only)
iTunes (Version: 11.0.1.12)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 17 (Version: 6.0.170)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Marvell Miniport Driver (Version: 11.10.5.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Camera Codec Pack (Version: 16.0.0652.0621)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.4 (Version: 2.0.3008.0)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.14.0)
Norton Internet Security (Version: 20.3.0.36)
Octoshape Streaming Services
PC Probe II (Version: 1.04.81)
PDF Settings CS5 (Version: 10.0)
Quicken 2010 (Version: 19.1.7.14)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 6.0.1.5959)
Samsung CLP-310 Series
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories USBXpress Device (Driver Removal)
SSDlife Free (Version: 1.1.15)
The Lord of the Rings FREE Trial  (Version: 1.00.0000)
TOPO!
TurboV (Version: 1.01.03)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Virtual Weather Station (Version: 6.0.63)
WeatherLink 5.9.2 (Version: 5.9.2)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3146.0)
Windows XP Mode (Version: 1.3.7600.16423)
WMV9/VC-1 Video Playback (Version: 1.00.0000)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 12279.11 MB
Available physical RAM: 9715.44 MB
Total Pagefile: 24556.4 MB
Available Pagefile: 21684.24 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.57 MB

========================= Partitions: =====================================

1 Drive c: (SSD System Disk - Windows 7) (Fixed) (Total:119.05 GB) (Free:63.14 GB) NTFS
3 Drive e: (Storage Drive) (Fixed) (Total:596.17 GB) (Free:186.24 GB) NTFS

========================= Users: ========================================

User accounts for \\DARIN-PC

Administrator            Darin                    Guest                   


**** End of log ****

Farbar's Service Scanner log:

Farbar Service Scanner Version: 03-03-2013
Ran by Darin (administrator) on 07-04-2013 at 09:27:15
Running from "C:\Users\Darin\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

AdwCleaner log:

# AdwCleaner v2.200 - Logfile created 04/07/2013 at 09:32:43
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Darin - DARIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Darin\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1565 octets] - [07/04/2013 09:30:30]
AdwCleaner[S1].txt - [1524 octets] - [07/04/2013 09:32:43]

########## EOF - C:\AdwCleaner[S1].txt - [1584 octets] ##########

Autoruns log:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "02-Apr-13 8:03 PM"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe" "04-Jun-09 8:03 PM"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe" "14-Oct-09 2:58 AM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "07-Apr-13 9:33 AM"
+ "EEventManager" "EEventManager Application" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\event manager\eeventmanager.exe" "02-Apr-09 9:41 PM"
+ "Samsung PanelMgr" "" "" "c:\windows\samsung\panelmgr\ssmmgr.exe" "27-Aug-09 11:36 PM"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" "26-Jan-11 4:41 PM"
+ "vws" "" "Ambient, LLC" "c:\vws\vws.exe" "02-Mar-12 12:33 PM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "23-Mar-10 8:07 AM"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "13-Jul-09 5:58 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "23-Mar-10 8:07 AM"
+ "Internet Explorer" "" "" "File not found: C:\Windows\system32\ie4uinit.exe" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "13-Jul-09 5:42 PM"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "13-Jul-09 10:53 PM"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll" "28-Feb-10 3:24 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" "" "05-Dec-11 5:35 PM"
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" "" "07-Apr-13 9:33 AM"
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "13-Jul-09 10:53 PM"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\20.3.0.36\navshext.dll" "14-Feb-13 2:06 AM"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "13-Jul-09 10:53 PM"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "13-Jul-09 10:53 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "14-Dec-12 2:52 PM"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "13-Jul-09 10:53 PM"
+ "FAExt" "FileASSASSIN Shell Extension" "Malwarebytes" "c:\program files (x86)\fileassassin\fileassassinext.dll" "30-Mar-07 4:34 PM"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "13-Jul-09 10:53 PM"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "13-Jul-09 10:53 PM"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "13-Jul-09 10:53 PM"
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll" "26-Jan-11 4:42 PM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "13-Jul-09 7:32 PM"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "13-Jul-09 10:53 PM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll" "13-Jul-09 7:09 PM"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "23-Mar-10 7:29 PM"
+ "AudibleShlExt Class" "AudibleExt Module" "Audible, Inc." "e:\audible\audible\bin\audibleext.dll" "09-Apr-09 11:54 AM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "18-Dec-12 7:02 AM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "23-Mar-10 7:29 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "14-Dec-12 2:52 PM"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\20.3.0.36\navshext.dll" "14-Feb-13 2:06 AM"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "23-Mar-10 7:29 PM"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "05-Dec-11 5:35 PM"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "07-Apr-13 9:33 AM"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "05-Dec-11 5:35 PM"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll" "15-Aug-12 11:46 PM"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll" "20-Dec-10 9:48 PM"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll" "30-Mar-09 6:19 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "07-Apr-13 9:33 AM"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll" "18-Dec-12 6:32 AM"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll" "15-Aug-12 11:39 PM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll" "25-Sep-12 12:04 AM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll" "25-Sep-12 12:03 AM"
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\coieplg.dll" "13-Feb-13 8:58 PM"
+ "Norton Vulnerability Protection" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\ips\ipsbho.dll" "08-Aug-12 12:50 PM"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll" "20-Dec-10 7:04 PM"
+ "PodcastBHO Class" "1.0" "doubleTwist Corporation" "c:\program files (x86)\common files\doubletwist\iepodcastplugin.dll" "22-Nov-11 3:11 PM"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll" "30-Mar-09 5:28 PM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "02-Apr-13 7:09 PM"
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\coieplg.dll" "13-Feb-13 8:58 PM"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "27-Feb-13 5:48 PM"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll" "20-Dec-10 11:56 PM"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll" "18-Jan-12 1:52 AM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "02-Apr-13 7:09 PM"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll" "20-Dec-10 9:05 PM"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll" "18-Jan-12 12:20 AM"
"Task Scheduler" "" "" "" ""
+ "\AdobeAAMUpdater-1.0-Darin-PC-Darin" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "15-Feb-10 5:11 AM"
+ "\ASUS\ASUS RegRun Loader" "" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\aasp\1.01.02\asloader.exe" "19-Aug-09 8:13 PM"
+ "\ASUS\ASUS Update Checker" "UpdateChecker MFC Application" "" "c:\program files (x86)\asus\asusupdate\updatechecker\updatechecker.exe" "10-Dec-08 11:45 PM"
+ "\ASUS\Cpu Level Up Hook Lanunch" "" "" "c:\program files (x86)\asus\ai suite\cpuleveluphooklaunch.exe" "11-Oct-07 3:09 AM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "10-Jun-09 2:36 PM"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "13-Jul-09 6:24 PM"
+ "\Norton Internet Security\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\symerr.exe" "25-Jan-13 12:36 PM"
+ "\Norton Management\Norton Error Analyzer" "" "" "File not found: C:\Program Files (x86)\Norton Management\Engine\3.1.0.24\SymErr.exe" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "02-Apr-13 8:03 PM"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe" "19-Apr-11 8:04 PM"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe" "17-May-12 9:06 PM"
+ "AsSysCtrlService" "AsSysCtr Application" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\assysctrlservice\1.00.02\assysctrlservice.exe" "19-Aug-09 5:56 AM"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "09-Mar-10 12:10 AM"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "09-Mar-10 12:10 AM"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files (x86)\intel\intel matrix storage manager\iaantmon.exe" "04-Jun-09 8:02 PM"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe" "03-Apr-05 11:41 PM"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe" "12-Dec-12 3:32 PM"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe" "14-Dec-12 2:51 PM"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe" "14-Dec-12 2:51 PM"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\vs7debug\mdm.exe" "19-Mar-03 3:55 AM"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\groove.exe" "20-Sep-12 7:18 AM"
+ "NIS" "Norton Internet Security" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\20.3.0.36\ccsvchst.exe" "17-Dec-12 6:58 PM"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe" "09-Jan-10 10:16 PM"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe" "11-Aug-09 8:00 PM"
+ "SwitchBoard" "Adobe SwitchBoard" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe" "19-Feb-10 2:50 PM"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "13-Jul-09 7:29 PM"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe" "30-Mar-09 6:19 PM"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "20-Nov-10 5:18 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "02-Apr-13 8:03 PM"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "05-Dec-08 5:54 PM"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "01-May-07 11:30 AM"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "27-Feb-07 6:04 PM"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "13-Jul-09 5:19 PM"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys" "19-Apr-11 7:53 PM"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys" "19-Apr-11 7:22 PM"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "18-Mar-10 6:45 PM"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "20-Mar-09 12:36 PM"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "19-Mar-10 10:18 AM"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "24-May-07 3:27 PM"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "14-Jan-09 1:27 PM"
+ "AsIO" "" "" "c:\windows\syswow64\drivers\asio.sys" "03-Aug-09 1:03 AM"
+ "AsUpIO" "" "" "c:\windows\syswow64\drivers\asupio.sys" "05-Jul-09 8:21 PM"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw76.sys" "17-Nov-10 6:02 AM"
+ "AtiHdmiService" "ATI High Definition Audio Function Driver" "ATI Technologies, Inc." "c:\windows\system32\drivers\atihdmi.sys" "28-Jan-10 7:03 PM"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "13-Feb-09 4:18 PM"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "26-Apr-09 5:14 AM"
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\bashdefs\20130322.001\bhdrvx64.sys" "15-Mar-13 11:18 PM"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "06-Aug-06 7:51 PM"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "06-Aug-06 7:51 PM"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "06-Aug-06 7:51 PM"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "06-Aug-06 7:51 PM"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "06-Aug-06 7:51 PM"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "09-Aug-06 6:11 AM"
+ "ccSet_NIS" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\ccsetx64.sys" "16-Aug-12 3:18 PM"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "13-Jul-09 5:19 PM"
+ "DgiVecp" "" "" "File not found: C:\Windows\system32\Drivers\DgiVecp.sys" ""
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "31-Dec-08 10:29 AM"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys" "31-Jul-12 5:36 PM"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "03-Feb-09 4:52 PM"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys" "31-Jul-12 5:36 PM"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys" "03-May-12 1:56 PM"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "11-May-09 2:26 AM"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "20-Apr-10 12:32 PM"
+ "iaStor" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys" "04-Jun-09 7:53 PM"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "10-Jun-10 6:46 PM"
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\ipsdefs\20130405.001\idsvia64.sys" "28-Aug-12 8:48 PM"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "13-Dec-05 3:47 PM"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "14-Oct-09 3:31 AM"
+ "iPodDrv" "doubleTwist iPod Driver" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\ipoddrv.sys" "09-Apr-09 10:07 PM"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "09-Dec-08 4:46 PM"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "18-May-09 6:20 PM"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "18-May-09 6:31 PM"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "16-Apr-09 4:13 PM"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys" "20-Aug-12 10:49 AM"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "18-May-09 7:09 PM"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "18-May-09 7:25 PM"
+ "MTsensor" "ATK0110 ACPI Utility" "" "c:\windows\system32\drivers\asacpi.sys" "15-Jul-09 9:31 PM"
+ "mv91xx" "Marvell magni Windows Driver" "Marvell Semiconductor, Inc." "c:\windows\system32\drivers\mv91xx.sys" "09-Oct-09 4:00 AM"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\virusdefs\20130406.008\eng64.sys" "20-Dec-12 3:24 AM"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\definitions\virusdefs\20130406.008\ex64.sys" "20-Dec-12 3:22 AM"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "06-Jun-06 3:11 PM"
+ "nusb3hub" "USB 3.0 Hub Driver" "NEC Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys" "25-Sep-09 7:58 AM"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "NEC Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys" "25-Sep-09 7:58 AM"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "19-Mar-10 2:59 PM"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "19-Mar-10 2:45 PM"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "22-Jan-09 5:05 PM"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "18-May-09 7:18 PM"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "13-Sep-06 7:18 AM"
+ "silabenm" "Silicon Labs VCP Serial Enumerator" "Silicon Laboratories, Inc." "c:\windows\system32\drivers\silabenm.sys" "18-Jun-07 10:18 AM"
+ "silabser" "Silicon Labs CP210x USB to UART Bridge Driver" "Silicon Laboratories" "c:\windows\system32\drivers\silabser.sys" "08-Jul-08 2:36 PM"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "24-Sep-08 12:28 PM"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "01-Oct-08 3:56 PM"
+ "SIUSBXP" "SiUSBXp.sys" "Silicon Laboratories" "c:\windows\system32\drivers\siusbxp.sys" "03-Nov-09 4:16 PM"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\srtsp64.sys" "25-Jan-13 3:26 PM"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\srtspx64.sys" "25-Jan-13 3:30 PM"
+ "SSPORT" "Port Contention Driver" "Samsung Electronics" "c:\windows\system32\drivers\ssport.sys" "11-Aug-05 5:07 PM"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "17-Feb-09 5:03 PM"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\symds64.sys" "16-Jan-13 7:56 PM"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\symefa64.sys" "18-Jan-13 6:31 PM"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys" "23-May-12 6:52 PM"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\ironx64.sys" "23-Jul-12 6:34 PM"
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1403000.024\symnets.sys" "20-Jul-12 8:07 PM"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys" "28-Sep-12 11:32 AM"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "13-Jul-09 5:19 PM"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "30-Jan-09 7:18 PM"
+ "yukonw7" "" "" "c:\windows\system32\drivers\yk62x64.sys" "28-Sep-09 2:19 AM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "13-Feb-13 4:20 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "13-Jul-09 7:28 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "07-Apr-13 9:33 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "13-Jul-09 7:06 PM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "20-Nov-10 5:59 AM"
+ "VIDC.FFDS" "" "" "c:\windows\syswow64\ff_vfw.dll" "17-Dec-08 12:22 PM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "13-Jul-09 10:53 PM"
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax" "26-Jan-11 4:41 PM"
+ "Audible Words Codec" "Audible Audio Files DirectShow Source Filter" "Audible, Inc." "c:\windows\syswow64\awrdscdc.ax" "02-Oct-09 4:43 PM"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax" "26-Feb-13 7:25 PM"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax" "19-Dec-08 11:26 AM"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax" "19-Dec-08 11:26 AM"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax" "19-Dec-08 11:26 AM"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax" "19-Dec-08 11:26 AM"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax" "19-Dec-08 11:26 AM"
+ "FLV Source" "FLV Splitter" "Gabest" "c:\program files (x86)\ffdshow\flvsplitter.ax" "15-Nov-08 10:57 AM"
+ "FLV Splitter" "FLV Splitter" "Gabest" "c:\program files (x86)\ffdshow\flvsplitter.ax" "15-Nov-08 10:57 AM"
+ "FLV4 Video Decoder" "FLV Splitter" "Gabest" "c:\program files (x86)\ffdshow\flvsplitter.ax" "15-Nov-08 10:57 AM"
+ "Matroska Source" "Matroska Splitter" "Gabest" "c:\program files (x86)\ffdshow\matroskasplitter.ax" "10-Dec-08 8:54 AM"
+ "Matroska Splitter" "Matroska Splitter" "Gabest" "c:\program files (x86)\ffdshow\matroskasplitter.ax" "10-Dec-08 8:54 AM"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" "26-Jan-11 4:41 PM"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" "26-Jan-11 4:41 PM"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" "26-Jan-11 4:41 PM"
+ "MP4 Source" "MP4 Splitter" "Gabest" "c:\program files (x86)\ffdshow\mp4splitter.ax" "10-Dec-08 8:53 AM"
+ "MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files (x86)\ffdshow\mp4splitter.ax" "10-Dec-08 8:53 AM"
+ "Mpeg Source" "Mpeg Splitter" "Gabest" "c:\program files (x86)\ffdshow\mpegsplitter.ax" "20-Jan-08 6:34 AM"
+ "Mpeg Splitter" "Mpeg Splitter" "Gabest" "c:\program files (x86)\ffdshow\mpegsplitter.ax" "20-Jan-08 6:34 AM"
+ "MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files (x86)\ffdshow\mp4splitter.ax" "10-Dec-08 8:53 AM"
+ "MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files (x86)\ffdshow\mp4splitter.ax" "10-Dec-08 8:53 AM"
+ "Ogg Source" "Ogg Splitter" "Gabest" "c:\program files (x86)\ffdshow\oggsplitter.ax" "07-Dec-08 11:45 AM"
+ "Ogg Splitter" "Ogg Splitter" "Gabest" "c:\program files (x86)\ffdshow\oggsplitter.ax" "07-Dec-08 11:45 AM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" "13-Jul-09 10:53 PM"
+ "{42553C8F-FF8C-45C9-A37A-C3939F7C016B}" "Microsoft Raw Codec" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\microsoft camera codec pack\microsoftrawcodec.dll" "21-Jun-11 2:10 AM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "13-Jul-09 10:53 PM"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll" "30-Mar-09 6:19 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "19-Oct-11 4:19 PM"
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll" "30-Aug-11 11:44 PM"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "30-Mar-09 5:28 PM"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "30-Mar-09 5:28 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "19-Oct-11 4:19 PM"
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "30-Aug-11 11:53 PM"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "30-Mar-09 6:19 PM"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "30-Mar-09 6:19 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "07-Apr-13 9:34 AM"
+ "BJ Language Monitor3_2" "Canon Inkjet Printer Driver" "CANON INC." "c:\windows\system32\cnblm3_2.dll" "13-Jul-09 7:27 PM"
+ "CL31C Langmon" "Language Monitor for Status Monitor" "" "c:\windows\system32\cl31cl6.dll" "03-Dec-06 7:21 PM"
+ "CutePDF Writer Monitor" "" "" "c:\windows\system32\cpwmon64.dll" "12-Jul-07 8:15 PM"
+ "spd__ Langmon" "Language Monitor for Status Monitor" "" "c:\windows\system32\spd__l.dll" "04-Jun-08 12:09 AM"


 



#7 narenxp

Posted 07 April 2013 - 11:52 AM

Malwarebytes log?



#8 dzig

Posted 07 April 2013 - 12:55 PM

In my last post I just posted the end of the logs because it said my post was too long. Do you want me to post the entire log?



#9 narenxp

Posted 09 April 2013 - 10:04 AM

Not needed
 

That looks good

Remove temporary and junk files

Download Temp File Cleaner from HERE. Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.
 

Create a new restore point

Follow this guide to turn off and turn on your restore points

Windows XP

Vista & Windows 7

Windows 8

Turn off your System Restore - it deletes old infected restore points. Turn on System Restore and create a new restore point.

Update JAVA and Flash player

Uninstall old versions of Java and Flash Player from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/ & http://www.adobe.com/support/flashplayer/downloads.html

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

Best Practices for Safe Computing - Prevention of Malware Infection

Simple and easy ways to keep your computer safe and secure on the Internet


Safe surfing :)



#10 dzig

Posted 09 April 2013 - 05:19 PM

THANK YOU for all your help! You helped remove the problems because Norton Internet Security is back working again.

 

Much appreciated!


Edited by dzig, 09 April 2013 - 05:19 PM.


#11 narenxp

Posted 10 April 2013 - 10:20 AM

:welcome:





