# Virus



## computernoob1 (Aug 16, 2012)

Hi, I am looking for help with a virus that I got downloading a file off the internet.
The virus stopped my internet connection and is located in system 32. My operating system is Windows 7.
I used at first Microsoft Safety Scanner installed off a USB stick, which immediately found the virus, but when I tried to remove it a message appeared saying "windows has had a critical error and will log off in a minute". The loading bar did not start and the computer restarted. I have now tried several more anti-virus softwares but they either require internet or can't help me.

Please, any help would be appreciated.


----------



## computernoob1 (Aug 16, 2012)

???


----------



## computernoob1 (Aug 16, 2012)

????


----------



## computernoob1 (Aug 16, 2012)

??????


----------



## computernoob1 (Aug 16, 2012)

???????????????


----------



## Mark1956 (May 7, 2011)

Hi Computernoob1 and welcome to TSG. My name is Mark and I will be helping you.

Please follow this guide to use RogueKiller. You will have to download and transfer with your USB stick, and likewise to upload the log report.

One thing you could try is to boot the PC into "Safe Mode with Networking". That may allow you to connect to the internet, but do not run any scans in Safe Mode unless instructed to do so; only use it to download the tools used and upload the results. You can get into Safe Mode by tapping the F8 key from the moment you switch on. This should bring up a menu; use the arrow keys on your keyboard to highlight "Safe Mode with Networking" and hit the Enter key.

Download RogueKiller (by tigzy) and save direct to your Desktop.

On the web page click on this:

Quit all running programs
Start RogueKiller.exe
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## computernoob1 (Aug 16, 2012)

So I ran the scan like you said and copied the report, here it is:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: scott #1 [Admin rights]
Mode: Scan -- Date: 08/23/2012 16:51:09
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] ohoriq.exe -- C:\Users\scott #1\AppData\Roaming\Uggopiu\ohoriq.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 22 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : {7998CA2C-F224-E208-E585-E63363E8B74E} ("C:\Users\scott #1\AppData\Roaming\Uggopiu\ohoriq.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-794785944-1427257573-3050441696-1004[...]\Run : {7998CA2C-F224-E208-E585-E63363E8B74E} ("C:\Users\scott #1\AppData\Roaming\Uggopiu\ohoriq.exe") -> FOUND
[SUSP PATH] {51421C7D-819D-46F3-96BF-17F84702F4FC}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> FOUND
[SUSP PATH] {53C95B99-4EBE-4C3C-868C-EBEB89D97C17}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> FOUND
[SUSP PATH] {826AB468-5774-47F5-8DCC-9A9C551A7CAF}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> FOUND
[SUSP PATH] {AC54762C-0980-4493-AF7B-F54D33C545F9}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> FOUND
[SUSP PATH] {B2A9FD40-FC82-47E5-8B48-24B5DFE93844}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> FOUND
[SUSP PATH] {D15EF3EC-1F57-4419-A229-1AF3A82C1620}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> FOUND
[SUSP PATH] {D5E94A23-F06E-4A46-AE9F-36C6FA35D0A3}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> FOUND
[SUSP PATH] {D817DA7D-FACA-4BD5-9C64-A6CB8A8A8E93}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> FOUND
[SUSP PATH] {D9E2CC70-3A4F-4542-BF7A-FDC77006AE32}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> FOUND
[SUSP PATH] nnnv0.8702459693948403.exe.lnk @scott white : C:\Windows\System32\rundll32.exe|C:\Users\SCOTTW~1\AppData\Local\Temp\nnnv0.8702459693948403.exe -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{b68e7a3f-8d17-e5a5-7c98-639179dd429b}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{b68e7a3f-8d17-e5a5-7c98-639179dd429b}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{b68e7a3f-8d17-e5a5-7c98-639179dd429b}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND
[ZeroAccess][Sig found] services.exe : c:\windows\system32\services.exe --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX ATA Device +++++
--- User ---
[MBR] b5809dd9b7363cbacf8a39c691158121
[BSP] 25aa688f1fa44ddf8277e6c522f05859 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 399 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 819200 | Size: 304589 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 624617472 | Size: 305491 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WD Elements 1042 USB Device +++++
--- User ---
[MBR] 86e86500f391fe82a7853ff8afcab95d
[BSP] c1cd6b56c8dc06e05e299708dc67314b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt

and the safe mode did not work

thanks for the help


----------



## Mark1956 (May 7, 2011)

Ok, you have the ZeroAccess rootkit infection, please follow all the advice given in the "Everyone must read this--" thread at the top of the Malware forum in respect of changing passwords.

Please now follow these instructions to run Combofix. Hopefully after this has been run you will get your internet connection back, but we will see. Let me know how it goes and post the log.

*STEP 1*
*NOTE:* If you have already used Combofix please delete the icon from your desktop.

Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to start the tool.
The application window will appear.
You should now click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the *Yes* button to continue.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to exit the program.
If CD Emulation programs are present and have been disabled, *DeFogger* will now ask you to reboot the machine. Please allow it to do so by clicking on the *OK* button.

*STEP 2*
Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*

Download Mirror #1
Download Mirror #2
Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*
*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first.

Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.
_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._
If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier.
*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.


> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## computernoob1 (Aug 16, 2012)

Downloaded both of them onto a USB stick and saved them onto my desktop. The DeFogger worked, but when I tried installing the ComboFix one file could not be found or something, but I pressed ignore and once it finished it closed down and a message flashed up but it closed down straight away. Should I download it again?


----------



## Mark1956 (May 7, 2011)

Run RogueKiller again and when the scan finishes select all the detections that are showing ZeroAccess and hit the Delete button. Post the log and then try to run Combofix again.


----------



## computernoob1 (Aug 16, 2012)

ok i just tried shutting down my computer but it is stuck in logging off is there any hope for my computer


----------



## Mark1956 (May 7, 2011)

If it still has not completed a shutdown, push and hold in the power button to force it to shut down. Then reboot and run RogueKiller to get rid of the main infection as suggested in post 10. That should start to bring it back to life, but there will be more work to do.


----------



## computernoob1 (Aug 16, 2012)

The internet came back on for some weird reason after I turned the computer on, so I tried installing AVG, but it started going crazy. Pop-ups on the internet started popping up whenever I clicked something and I could not run Task Manager and get the Control Panel up, then it started with all these error messages. I don't know what to do, please help.


----------



## Mark1956 (May 7, 2011)

Why are you trying to install AVG when I had asked you to run RogueKiller?


----------



## computernoob1 (Aug 16, 2012)

I'm not too sure what you mean. I ran the scan but I cannot see where it tells me that it is a ZeroAccess thing. Sorry I did not follow your instructions.


----------



## Mark1956 (May 7, 2011)

Not a problem, but if in doubt all you need do is ask.

I should have given more explicit instructions so it is partially my fault.

Run RogueKiller scan and when the results appear click on the Registry tab and uncheck all the detections.

Then click on the Files tab and uncheck the entries for c:\windows\system32\services.exe, leave all the others checked then click on the Delete button. Then post the log.

Next, try running Combofix and post the log.


----------



## computernoob1 (Aug 16, 2012)

Ran RogueKiller and did what you said, but when I ran ComboFix it shut down when it was finished. I don't know if it worked but no log came up. What should I do?


----------



## Mark1956 (May 7, 2011)

Ok, first run RogueKiller again and post the log without attempting to delete anything, this will allow me to see if anything has changed.

Then follow this to run Combofix in a different way.

Open Notepad by clicking on







and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._

```
KillAll::
Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.

This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
NOTE: if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.


----------



## Mark1956 (May 7, 2011)

You have not been back on this site since your last post, please let me know if you wish to continue.


----------



## computernoob1 (Aug 16, 2012)

Yes, sorry, I was away, and no ComboFix log came up. Don't know if it worked, and the little illegal thing came up like you said.


----------



## Mark1956 (May 7, 2011)

Have you looked for the log as per the instructions:



> A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.


I also asked you to run RogueKiller again and post the log, what happened with that???


----------



## Mark1956 (May 7, 2011)

Three days without a response. If you don't have the time to complete the clean up then I would suggest you do a re-install of Windows as that may give you a quicker resolution.

Please let me know if you wish to proceed and when you will have the time to complete the job.


----------



## computernoob1 (Aug 16, 2012)

I'm sorry for being away. I have searched my whole computer for that ComboFix log but it wasn't there, but here is the RogueKiller one:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: scott #1 [Admin rights]
Mode: Remove -- Date: 08/27/2012 17:14:00
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 24 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : hswwsmsytu.exe (C:\ProgramData\hswwsmsytu.exe) -> NOT SELECTED
[SUSP PATH] HKCU\[...]\Run : P5p3M8Qj8NUsIk (C:\ProgramData\P5p3M8Qj8NUsIk.exe) -> NOT SELECTED
[SUSP PATH] HKUS\S-1-5-21-794785944-1427257573-3050441696-1004[...]\Run : hswwsmsytu.exe (C:\ProgramData\hswwsmsytu.exe) -> NOT SELECTED
[SUSP PATH] HKUS\S-1-5-21-794785944-1427257573-3050441696-1004[...]\Run : P5p3M8Qj8NUsIk (C:\ProgramData\P5p3M8Qj8NUsIk.exe) -> NOT SELECTED
[SUSP PATH] {51421C7D-819D-46F3-96BF-17F84702F4FC}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> NOT SELECTED
[SUSP PATH] {53C95B99-4EBE-4C3C-868C-EBEB89D97C17}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> NOT SELECTED
[SUSP PATH] {826AB468-5774-47F5-8DCC-9A9C551A7CAF}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> NOT SELECTED
[SUSP PATH] {AC54762C-0980-4493-AF7B-F54D33C545F9}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> NOT SELECTED
[SUSP PATH] {B2A9FD40-FC82-47E5-8B48-24B5DFE93844}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> NOT SELECTED
[SUSP PATH] {D15EF3EC-1F57-4419-A229-1AF3A82C1620}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> NOT SELECTED
[SUSP PATH] {D5E94A23-F06E-4A46-AE9F-36C6FA35D0A3}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> NOT SELECTED
[SUSP PATH] {D817DA7D-FACA-4BD5-9C64-A6CB8A8A8E93}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> NOT SELECTED
[SUSP PATH] {D9E2CC70-3A4F-4542-BF7A-FDC77006AE32}.job @ : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo -> NOT SELECTED
[SUSP PATH] nnnv0.8702459693948403.exe.lnk @scott white : C:\Windows\System32\rundll32.exe|C:\Users\SCOTTW~1\AppData\Local\Temp\nnnv0.8702459693948403.exe -> NOT SELECTED
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> NOT SELECTED
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NOT SELECTED
[HJ] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> NOT SELECTED
[HJ] HKCU\[...]\Advanced : Start_ShowVideos (0) -> NOT SELECTED
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{b68e7a3f-8d17-e5a5-7c98-639179dd429b}\@ --> REMOVED AT REBOOT
[ZeroAccess][FOLDER] U : c:\windows\installer\{b68e7a3f-8d17-e5a5-7c98-639179dd429b}\U --> RAR ERROR
[ZeroAccess][FOLDER] L : c:\windows\installer\{b68e7a3f-8d17-e5a5-7c98-639179dd429b}\L --> RAR ERROR
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> REPLACED AT REBOOT (c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)
[ZeroAccess][Sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX ATA Device +++++
--- User ---
[MBR] b5809dd9b7363cbacf8a39c691158121
[BSP] 25aa688f1fa44ddf8277e6c522f05859 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 399 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 819200 | Size: 304589 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 624617472 | Size: 305491 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; 
RKreport[6].txt


----------



## Mark1956 (May 7, 2011)

You appear to have run RogueKiller more often than instructed, please try to stick with my instructions.

First, please uninstall the game Diablo II as it is causing confusion in the log results.

I'd then like you to run RogueKiller one more time, when the scan finishes click on the Delete button and post the log it produces.


----------



## computernoob1 (Aug 16, 2012)

Sorry about not following your instructions, but my computer often freezes and that, so I don't know what worked and what did not. Also all my pictures and files are gone, it has deleted my whole user account. Is there any chance of getting that back??
As everything is gone, is there a way to like delete everything and start again?
Can't find Diablo, the search doesn't work and all the folders are messed up. The folder that it mentions in the log isn't there. What should I do?


----------



## Mark1956 (May 7, 2011)

Ok, it will help me to help you if you keep me informed when these problems occur so when I see the logs I know what has been going on. Try to remember I can't see what is happening at your end.

Your system is clearly suffering from this infection, but we need to get the system clean before we can attempt to get it back to normal. If the system is severely corrupted then it may be necessary to do a re-install of Windows as a last resort. 

As you cannot find Diablo then you may have to re-install it after we have finished. RogueKiller may delete some of its files but that is a risk we have to take at this stage.

Please run RogueKiller again as directed in my last post. Let me know of any problems you have.


----------



## computernoob1 (Aug 16, 2012)

2 logs came up i think 1 came after i pressed delete so this is that 1
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : scott #1 [Admin rights]
Mode : Remove -- Date : 09/02/2012 18:26:13
¤¤¤ Bad processes : 3 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 26 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4788 : wscript.exe -> DELETED
[TASK][SUSP PATH] {51421C7D-819D-46F3-96BF-17F84702F4FC} : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe -> DELETED
[TASK][SUSP PATH] {53C95B99-4EBE-4C3C-868C-EBEB89D97C17} : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe -> DELETED
[TASK][SUSP PATH] {826AB468-5774-47F5-8DCC-9A9C551A7CAF} : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe -> DELETED
[TASK][SUSP PATH] {AC54762C-0980-4493-AF7B-F54D33C545F9} : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe -> DELETED
[TASK][SUSP PATH] {B2A9FD40-FC82-47E5-8B48-24B5DFE93844} : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe -> DELETED
[TASK][SUSP PATH] {D15EF3EC-1F57-4419-A229-1AF3A82C1620} : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe -> DELETED
[TASK][SUSP PATH] {D5E94A23-F06E-4A46-AE9F-36C6FA35D0A3} : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe -> DELETED
[TASK][SUSP PATH] {D817DA7D-FACA-4BD5-9C64-A6CB8A8A8E93} : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe -> DELETED
[TASK][SUSP PATH] {D9E2CC70-3A4F-4542-BF7A-FDC77006AE32} : C:\Users\scott #1\Desktop\****\game ****\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe -> DELETED
[STARTUP][BLACKLIST DLL] nnnv0.8702459693948403.exe.lnk @scott white : C:\Windows\System32\rundll32.exe|C:\Users\SCOTTW~1\AppData\Local\Temp\nnnv0.8702459693948403.exe,SuppS -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b68e7a3f-8d17-e5a5-7c98-639179dd429b}\U --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤


----------



## Mark1956 (May 7, 2011)

From that log it looks like we are making some progress, please do exactly the same thing again and post the log. Make sure you copy the entire log as the last one is missing the bottom section.


----------



## Mark1956 (May 7, 2011)

Are you still with us?


----------



## computernoob1 (Aug 16, 2012)

ye sorry i was away again and here is the log 2 came up so this is the 1 that came after i pressed delete
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : scott #1 [Admin rights]
Mode : Remove -- Date : 09/05/2012 15:57:50
¤¤¤ Bad processes : 2 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][PREVRUN] ProgramDataUpdater : C:\Windows\System32\rundll32.exe -> DELETED
[TASK][PREVRUN] Proxy : C:\Windows\System32\rundll32.exe -> DELETED
[TASK][PREVRUN] SR : C:\Windows\System32\rundll32.exe -> DELETED
[TASK][PREVRUN] IpAddressConflict1 : C:\Windows\System32\rundll32.exe -> DELETED
[TASK][PREVRUN] IpAddressConflict2 : C:\Windows\System32\rundll32.exe -> DELETED
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX ATA Device +++++
--- User ---
[MBR] b5809dd9b7363cbacf8a39c691158121
[BSP] 25aa688f1fa44ddf8277e6c522f05859 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 399 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 819200 | Size: 304589 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 624617472 | Size: 305491 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[10].txt >>
RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; 
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

and thanks so much


----------



## Mark1956 (May 7, 2011)

Looks like we are still making progress. Run RogueKiller again and post the log, then run Combofix and see if it will produce a log and post it if it does.


----------



## computernoob1 (Aug 16, 2012)

I ran RogueKiller but didn't press delete as you didn't say so. Here's the log:
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : scott #1 [Admin rights]
Mode : Scan -- Date : 09/06/2012 16:33:35
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX ATA Device +++++
--- User ---
[MBR] b5809dd9b7363cbacf8a39c691158121
[BSP] 25aa688f1fa44ddf8277e6c522f05859 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 399 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 819200 | Size: 304589 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 624617472 | Size: 305491 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[12].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[1].txt ; RKreport[2].txt ; 
RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; 
RKreport[8].txt ; RKreport[9].txt


----------



## Mark1956 (May 7, 2011)

That log is looking a lot better, what happened with Combofix?


----------
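
One way to compare successive RogueKiller reports like the ones posted in this thread, as an added example (not part of the thread and not RogueKiller's own code). The two sample reports are abridged from the posted logs; the function names and the status-to-outcome mapping are assumptions made for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed samples: a few lines abridged from two reports posted in this thread.
SCAN_BEFORE = r"""
RogueKiller V7.6.6 [08/10/2012] by Tigzy
Mode: Remove -- Date: 08/27/2012 17:14:00
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 24 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : hswwsmsytu.exe (C:\ProgramData\hswwsmsytu.exe) -> NOT SELECTED
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> NOT SELECTED
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{b68e7a3f-8d17-e5a5-7c98-639179dd429b}\U --> RAR ERROR
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][Sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

SCAN_AFTER = r"""
RogueKiller V8.0.2 [08/31/2012] by Tigzy
Mode : Scan -- Date : 09/06/2012 16:33:35
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
"""

# Both report versions in the thread are covered: "Mode:" and "Mode :", "->" and "-->".
MODE = re.compile(r"^Mode\s*:\s*(\w+)\s*--\s*Date\s*:\s*(.+)$")
HEADER = re.compile(r"^¤¤¤\s*([^:¤]+?)\s*:\s*(.*?)\s*¤¤¤$")
# Leading [TAG][TAG] group, then the item, then the text after the last arrow.
FINDING = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*)\s-{1,2}>\s*(.*)$")

# Assumed reading of each status when judging cleanup progress (not from the tool's docs).
OUTCOME = {
    "FOUND": "untouched", "NOT SELECTED": "untouched",
    "REMOVED AT REBOOT": "pending reboot", "REPLACED AT REBOOT": "pending reboot",
    "RAR ERROR": "failed", "CANNOT FIX": "failed",
    "KILLED": "done", "DELETED": "done", "REMOVED": "done", "REPLACED": "done",
}


@dataclass
class Report:
    mode: str = ""
    date: str = ""
    infection: str = ""
    findings: list = field(default_factory=list)  # (section, tags, item, status)


def parse_report(text):
    """Parse one report into its mode, infection verdict and per-line findings."""
    report, section = Report(), None
    for line in text.splitlines():
        line = line.strip()
        if m := MODE.match(line):
            report.mode, report.date = m.group(1), m.group(2)
        elif m := HEADER.match(line):
            section = m.group(1)
            if section == "Infection":
                report.infection = m.group(2)
        elif section and (m := FINDING.match(line)):
            tags = tuple(re.findall(r"\[([^\]]+)\]", m.group(1)))
            # Drop trailing detail such as "[TermProc]" or "(replacement path)".
            status = re.split(r"\s*[(\[]", m.group(3), maxsplit=1)[0].strip()
            report.findings.append((section, tags, m.group(2).strip(), status))
    return report


def outcomes(report):
    """Count findings by what their status means for the cleanup."""
    return Counter(OUTCOME.get(status, "unknown") for *_, status in report.findings)


def with_tag(report, tag):
    """Findings carrying a given tag, e.g. only the ZeroAccess detections."""
    return [f for f in report.findings if tag in f[1]]


def compare(before, after):
    """Return (cleared, persisting, new) item sets between two reports."""
    key = lambda f: " ".join(f[2].casefold().split())
    old = {key(f) for f in before.findings}
    new = {key(f) for f in after.findings}
    return old - new, old & new, new - old


if __name__ == "__main__":
    before, after = parse_report(SCAN_BEFORE), parse_report(SCAN_AFTER)
    for r in (before, after):
        print(r.date, r.mode, "infection:", r.infection or "(none)", dict(outcomes(r)))
    cleared, persisting, new = compare(before, after)
    print(f"cleared={len(cleared)} persisting={len(persisting)} new={len(new)}")
```
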



## computernoob1 (Aug 16, 2012)

Yes, it's stuck on deleting files for like 3 hours, just thought I would show you that though.


----------



## computernoob1 (Aug 16, 2012)

No, sorry, deleting folders, if it means anything.


----------



## Mark1956 (May 7, 2011)

Ok, sounds like there is something in your system that could be causing problems for Combofix. If it has not finished by the time you read this shut the system down by holding in the power button.

Please follow this to post the DDS logs.

We need to see some additional information about what is happening in your machine. 
Please download *DDS* by sUBs from one of the following links and save it to your desktop.
DDS is a specialized tool that produces a *Pseudo HijackThis Report* (a scaled down and simplified version of 'HJT lines') that provides the same + more information in a condensed format.

*Link 1*
*Link 2*
*Link 3*
*NOTE* If your Anti Virus attempts to block the download please disable it following the instructions at the end of this guide.

Double click on the *DDS* icon, allow it to run.
A small box will open, with an explanation about the tool. 
When done, *DDS* will open two (2) logs.
1. *DDS.txt*
2. *Attach.txt*

Save both reports to your desktop.
The instruction here asks you to attach the Attach.txt.

*Instead of attaching, please copy & paste both logs into your next reply.*
Close the program window, and delete the program from your desktop.
*Please note:* You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection. 
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control *HERE*


----------



## computernoob1 (Aug 16, 2012)

Ok, my computer fell asleep and now the Combofix window is the only thing up, the rest is blank and it is saying please wait. I'm going to turn off the power now, and I logged on normally and it's all black.

Oh wait, naw, it's coming up but it took a really long time. Now two Combofix windows, one black one blue, keep popping up then closing down and the computer went black for a minute + no internet.

Sorry for the running commentary, I'm watching it as it happens and I thought maybe something might be important. Should I continue?


----------



## Mark1956 (May 7, 2011)

You can wait a while to see what happens next, but it sounds as if something is causing a problem for Combofix so I need to see the DDS logs.

If it remains unchanged and your hard drive light isn't flashing then hold in the power button to shut it down. If the light is flashing then Combofix is probably still working so wait a while.

If anything odd happens, you get error messages or no internet then reboot and it should clear up.


----------



## computernoob1 (Aug 16, 2012)

I rebooted it but still no internet, so I will download the program off a USB stick. And my computer, whenever I turn it on, it says Toshiba Tempro has stopped working, if it means anything.


----------



## computernoob1 (Aug 16, 2012)

here are logs

==== Installed Programs ======================
.
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.6
Age of Empires III - The Asian Dynasties
Age of Mythology Gold Edition 1.00
ALOT Appbar
AMD USB Filter Driver
AMD VISION Engine Control Center
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
µTorrent
BBC iPlayer Desktop
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Bing Bar Platform
blinkx beat
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders 3 - Revenge of the Yolk
Chuzzle Deluxe
CodecC
Coupon Printer for Windows
D3DX10
DC Universe Online Live
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Disney Pirates of the Caribbean Online
DivX Setup
Driver Robot
DriverUpdate
Fable III
FATE
Final Drive: Nitro
FriendsChecker
Funmoods on IE and Chrome
GameSpy Arcade
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High-Definition Video Playback
HP Deskjet 3050 J610 series Help
HP Photo Creations
HP Update
Insaniquarium Deluxe
iNTERNET Turbo
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
MagicDisc 2.7.106
McAfee Security Scan Plus
McAfee SiteAdvisor
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# .NET Redistributable Package 1.1
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NeroKwikMedia Help (CHM)
Norton AntiVirus
Penguins!
Pirates of the Caribbean
Plants vs. Zombies - Game of the Year
Pokemon Black & White PC [Hyperdrive25]
Polar Bowler
PoxNora 1.4.7.0
PricePeep for Internet Explorer
Reader Library by Sony
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Reader Driver
RealUpgrade 1.1
Search-Results Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.10
Slingo Deluxe
SPORE™
SPORE™ Creepy & Cute Parts Pack
SPORE™ Galactic Adventures
Spotify
Star wars Battlefront II version 1.3
StarCraft II
Steam
SweetIM for Messenger 3.6
SweetPacks Toolbar for Internet Explorer 4.5
swMSM
The Battle for Middle-earth (tm) II
The Last Hope of the Third Age
The Lord of the Rings, The Rise of the Witch-king
The Lord of the Rings: War in the North
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Online Product Information
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TRORMCLauncher
Tunngle beta
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update Installer for WildTangent Games App
Update Manager for SweetPacks 1.0
uTorrentControl Toolbar
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
Warcraft III
Wedding Dash 2 - Rings Around the World
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.01 (32-bit)
Wondershare 1-Click PC Care (Version 7.5.3)
Wondershare PC Care Toolbar v6.2
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm Security
Zuma Deluxe
.
==== End Of File ===========================

and

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by scott #1 at 18:56:05 on 2012-09-08
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Wondershare\1-Click PC Care\CareMon.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Users\scott #1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Users\scott #1\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://home.sweetim.com/?barid={35303CD4-C892-4E21-A7B1-011F766BB1C3}
uURLSearchHooks: Wondershare PC Care Toolbar: {bee9ae08-b4e5-4021-ae8b-0befc64d537b} - C:\Program Files (x86)\Wondershare PC Care Toolbar\IE\6.2\pccareToolbarIE.dll
uURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
mURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: CodecC Class: {3ec9fe54-c6bd-4c5a-b7f5-a50433c87c0f} - C:\ProgramData\CodecC\bhoclass.dll
BHO: CodecC Class: {56fd8d70-0aa2-443f-a549-a4651a8d0aa7} - C:\ProgramData\CodecC\bhoclass.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Wondershare PC Care Toolbar: {bee9ae08-b4e5-4021-ae8b-0befc64d537b} - C:\Program Files (x86)\Wondershare PC Care Toolbar\IE\6.2\pccareToolbarIE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
BHO: FriendsChecker: {fed6a736-129b-49c7-857e-25fc91e87db3} - C:\Program Files (x86)\FriendsChecker\DynConIE\DynConIE.dll
TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: Wondershare PC Care Toolbar: {bee9ae08-b4e5-4021-ae8b-0befc64d537b} - C:\Program Files (x86)\Wondershare PC Care Toolbar\IE\6.2\pccareToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
uRun: [Hide IP Easy] C:\Program Files (x86)\HideIPEasy\HideIPEasy.exe
uRun: [Auto Hide IP] C:\Program Files (x86)\AutoHideIP\AutoHideIP.exe
uRun: [Super Hide IP] C:\Program Files (x86)\SuperHideIP\SuperHideIP.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify] "C:\Users\scott #1\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\scott #1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [combofix] C:\ComboFix\CF16921.3XE /c C:\ComboFix\Combobatch.bat
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\A41636B6723702E6564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\A61636B672372C0AE6564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 : {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: CodecC Class: {3EC9FE54-C6BD-4C5A-B7F5-A50433C87C0F} - C:\ProgramData\CodecC\bhoclass.dll
BHO-X64: CodecC - No File
BHO-X64: CodecC Class: {56FD8D70-0AA2-443F-A549-A4651A8D0AA7} - C:\ProgramData\CodecC\bhoclass.dll
BHO-X64: CodecC - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO-X64: ALOT Appbar Helper - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Wondershare PC Care Toolbar: {bee9ae08-b4e5-4021-ae8b-0befc64d537b} - C:\Program Files (x86)\Wondershare PC Care Toolbar\IE\6.2\pccareToolbarIE.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO-X64: Softonic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Search-Results Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
BHO-X64: uTorrentControl - No File
BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
BHO-X64: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
BHO-X64: PricePeep - No File
BHO-X64: FriendsChecker: {FED6A736-129B-49C7-857E-25FC91E87DB3} - C:\Program Files (x86)\FriendsChecker\DynConIE\DynConIE.dll
BHO-X64: FriendsChecker - No File
TB-X64: Softonic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: Wondershare PC Care Toolbar: {bee9ae08-b4e5-4021-ae8b-0befc64d537b} - C:\Program Files (x86)\Wondershare PC Care Toolbar\IE\6.2\pccareToolbarIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun-x64: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun-x64: [combofix] C:\ComboFix\CF16921.3XE /c C:\ComboFix\Combobatch.bat
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
2 CareMon;CareMon
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? AVGIDSAgent;AVGIDSAgent
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? GamesAppService;GamesAppService
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? McComponentHostService;McAfee Security Scan Component Host Service
R? McMPFSvc;McAfee Personal Firewall Service
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? osppsvc;Office Software Protection Platform
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader
R? SkypeUpdate;Skype Updater
R? SrvHsfHDA;SrvHsfHDA
R? SrvHsfV92;SrvHsfV92
R? SrvHsfWinac;SrvHsfWinac
R? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO)
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? TunngleService;TunngleService
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
R? WSDPrintDevice;WSD Print Support via UMB
S? AdobeARMservice;Adobe Acrobat Update Service
S? AMD External Events Utility;AMD External Events Utility
S? amdkmdag;amdkmdag
S? amdkmdap;amdkmdap
S? Application Updater;Application Updater
S? AtiHDAudioService;ATI Function Driver for HD Audio Service
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? BHDrvx64;BHDrvx64
S? BtFilter;Bluetooth LowerFilter Class Filter Driver
S? ccHP;Symantec Hash Provider
S? cfWiMAXService;ConfigFree WiMAX Service
S? ConfigFree Service;ConfigFree Service
S? cvhsvc;Client Virtualization Handler
S? IDSVia64;IDSVia64
S? ISWKL;ZoneAlarm LTD Toolbar ISWKL
S? IswSvc;ZoneAlarm LTD Toolbar IswSvc
S? kl2;kl2
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? NAUpdate;Nero Update
S? NAV;Norton AntiVirus
S? PGEffect;Pangu effect driver
S? QIOMem;Generic IO & Memory Access
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SYMTDIv;Symantec Vista Network Dispatch Driver
S? tap0901t;TAP-Win32 Adapter V9 (Tunngle)
S? TMachInfo;TMachInfo
S? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service
S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
S? TPCHSrv;TPCH Service
S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver
S? usbfilter;AMD USB Filter Driver
S? vToolbarUpdater12.2.6;vToolbarUpdater12.2.6
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-09-07 15:05:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-06 16:06:04 98816 ----a-w- C:\Windows\sed.exe
2012-09-06 16:06:04 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-06 16:06:04 256000 ----a-w- C:\Windows\PEV.exe
2012-09-06 16:06:04 208896 ----a-w- C:\Windows\MBR.exe
2012-09-06 14:44:28 -------- d-----w- C:\Users\scott #1\AppData\Local\{1B58B89C-5D8A-42B8-ABDD-AC371929CD32}
2012-09-02 16:27:43 -------- d-----w- C:\Users\scott #1\AppData\Local\{5FE78550-0F81-4D08-9446-835F4B0F8EDA}
2012-09-02 12:27:25 -------- d-----w- C:\Users\scott #1\New folder
2012-09-01 20:52:13 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-09-01 20:50:59 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-09-01 10:19:33 -------- d-----w- C:\Users\scott #1\AppData\Local\{978A6B2A-D445-48F1-AF04-AA6C53AA2D5D}
2012-08-26 19:27:34 -------- d--h--w- C:\Users\scott #1\AppData\Local\{9B4BEB1C-6AB1-44E9-AA25-CF84EC0370E2}
2012-08-26 18:50:06 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-26 18:49:29 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-08-25 18:10:50 -------- d--h--w- C:\Users\scott #1\AppData\Local\{6E6096B2-4F46-47DE-AAA2-C213786DA832}
2012-08-25 17:55:15 -------- d--h--w- C:\Users\scott #1\AppData\Local\{0E7F8CE3-BCFD-4721-BDBF-7F265CB62B71}
2012-08-25 17:46:52 -------- d--h--w- C:\Users\scott #1\AppData\Local\{51E892AC-4EAE-4611-80DE-05338BDF8FF0}
2012-08-19 14:46:02 -------- d--h--w- C:\Users\scott #1\AppData\Local\{F7219F80-B471-443F-A5DE-3D2AEA54A8B6}
2012-08-17 22:05:36 -------- d--h--w- C:\Users\scott #1\AppData\Local\{3BF4B94E-A93F-474F-BA8B-05AF53C1A0BD}
2012-08-17 17:52:53 -------- d--h--w- C:\Users\scott #1\AppData\Local\{4427E5FC-3BC9-418E-A949-64360378DB9A}
2012-08-17 17:44:58 328704 ----a-w- C:\Windows\System32\services.exe.F1C598EDD8F802F7
2012-08-16 14:41:02 -------- d--h--w- C:\Users\scott #1\AppData\Local\{B53F23BB-E249-4C19-9901-2333F233BEBB}
2012-08-16 14:36:06 -------- d-----w- C:\Windows\System32\MpEngineStore
2012-08-16 06:40:46 328704 ----a-w- C:\Windows\System32\services.exe.9EEB48A02EB57BC2
2012-08-15 14:50:16 -------- d--h--w- C:\Users\scott #1\AppData\Local\{EB0ADFB4-F50D-402F-8DB9-97ED1DC2FDDA}
2012-08-15 06:32:59 -------- d--h--w- C:\Users\scott #1\AppData\Local\{B5C21B3E-F52F-4BA5-B44F-2287B279EAAE}
2012-08-14 19:39:29 -------- d--h--w- C:\Users\scott #1\AppData\Local\{E373AC96-D373-4E10-BFAF-2F7483D44BC6}
2012-08-14 15:33:29 -------- d--h--w- C:\Users\scott #1\AppData\Local\{114FDF29-4229-4E15-940A-5C5D0F65DFBA}
2012-08-14 00:53:30 -------- d--h--w- C:\Users\scott #1\AppData\Local\{3EBADC0B-BE93-44BB-8990-25F70C24446E}
2012-08-13 14:19:39 -------- d--h--w- C:\Users\scott #1\AppData\Local\{4C29DA09-B50D-49B7-936E-147DD1FF72BB}
2012-08-12 19:28:34 -------- d--h--w- C:\Users\scott #1\AppData\Local\{0E5047B6-CFA4-4478-8675-29FA7C16C963}
2012-08-12 09:25:32 -------- d--h--w- C:\ProgramData\Battle.net
2012-08-12 08:54:40 -------- d--h--w- C:\ProgramData\Blizzard Entertainment
2012-08-12 08:54:39 -------- d--h--w- C:\Program Files (x86)\StarCraft II
2012-08-11 21:03:46 -------- d--h--w- C:\Users\scott #1\SC2-WingsOfLiberty-enGB-Installer
2012-08-09 22:36:56 -------- d--h--w- C:\Users\scott #1\AppData\Local\{E2D975FF-35AF-4888-98DC-6FDCEBB85551}
2012-08-09 21:43:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-09 21:36:32 -------- d--h--w- C:\Users\scott #1\AppData\Roaming\Uggopiu
2012-08-09 21:36:32 -------- d--h--w- C:\Users\scott #1\AppData\Roaming\Byivq
.
==================== Find3M ====================
.
2012-09-01 20:50:59 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-26 15:33:50 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-26 15:33:50 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 18:09:23 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-07-03 18:09:22 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-07-03 18:09:22 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:58:35.66 ===============


----------



## Mark1956 (May 7, 2011)

The Toshiba Tempro I think has something to do with updating the system's drivers, but that can be left until later.

Having now seen the DDS logs I am regretting not asking for them earlier. The biggest problem you have, which is most likely the main reason why Combofix will not finish, is three Anti Virus programs on the system. This needs to be dealt with before we can go any further. There are some other programs that should also be removed.

Please go into Programs and Features via the Control Panel and uninstall all of the following:

µTorrent
Java Auto Updater
Java(TM) 6 Update 20
McAfee Security Scan Plus
McAfee SiteAdvisor
Norton AntiVirus
uTorrentControl Toolbar
uTorrentControl2 Toolbar
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm Security
AVG2012
AVG Secure Search
Wondershare 1-Click PC Care (Version 7.5.3)
Wondershare PC Care Toolbar v6.2
SweetIM for Messenger 3.6
SweetPacks Toolbar for Internet Explorer 4.5
PricePeep for Internet Explorer
Update Manager for SweetPacks 1.0
Tunngle beta
ALOT Appbar
Softonic Toolbar (or anything relating to *Ask*)

Then please download and transfer the Uninstall Tools from the following links onto the desktop of the problem PC and run each one. Follow any prompts given and reboot after each one completes.

AVG Removal tool
Norton Uninstall Tool
ZoneAlarm removal tool
McAfee Removal Tool

Once that is done download and install this: Microsoft Security Essentials

When that is completed please run Combofix again. With the above programs removed it should complete and produce a log after the reboot.

Give me all the details of any problems encountered.
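
The diagnosis in the post above comes from reading the SERVICES / DRIVERS section of the DDS log and spotting entries from several security products at once. The following is an added example, not part of the original posts and not code from DDS or Combofix: it parses that section and groups entries by vendor. The vendor keyword list and the function names are assumptions chosen for this log, and the result counts vendors with services present, not antivirus engines.

```python
import re

# Constructed sample: a subset of lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
============= SERVICES / DRIVERS ===============
.
2 CareMon;CareMon
R? AVGIDSAgent;AVGIDSAgent
R? gupdate;Google Update Service (gupdate)
R? McMPFSvc;McAfee Personal Firewall Service
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? ISWKL;ZoneAlarm LTD Toolbar ISWKL
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? NAV;Norton AntiVirus
S? SymEFA;Symantec Extended File Attributes
S? vwififlt;Virtual WiFi Filter Driver
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
"""

# Assumption: illustrative keywords for the vendors seen in this thread,
# matched against the service name and its display name.
VENDOR_PATTERNS = {
    "AVG": re.compile(r"\bavg", re.IGNORECASE),
    "McAfee": re.compile(r"mcafee", re.IGNORECASE),
    "Symantec/Norton": re.compile(r"symantec|norton", re.IGNORECASE),
    "ZoneAlarm": re.compile(r"zonealarm", re.IGNORECASE),
}

# DDS section banners look like "===== TITLE =====".
SECTION_HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
# Service lines look like "<state> <service name>;<display name>".
SERVICE_LINE = re.compile(r"^(\S+)\s+([^;]+);(.*)$")


def parse_services(log_text):
    """Return (state, name, display) tuples from the SERVICES / DRIVERS section only."""
    services = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            # Entering or leaving the section of interest.
            in_section = header.group(1).upper() == "SERVICES / DRIVERS"
            continue
        if not in_section or line in ("", "."):
            continue
        match = SERVICE_LINE.match(line)
        if match:
            services.append(
                (match.group(1), match.group(2).strip(), match.group(3).strip())
            )
    return services


def security_vendors(log_text):
    """Map each matched vendor to the service names that belong to it."""
    found = {}
    for _state, name, display in parse_services(log_text):
        for vendor, pattern in VENDOR_PATTERNS.items():
            if pattern.search(name + " " + display):
                found.setdefault(vendor, []).append(name)
    return found


def has_conflict(log_text):
    """True when services from more than one security vendor are present."""
    return len(security_vendors(log_text)) > 1


if __name__ == "__main__":
    for vendor, names in security_vendors(SAMPLE_DDS).items():
        print(f"{vendor}: {', '.join(names)}")
    print("Multiple security vendors present:", has_conflict(SAMPLE_DDS))
```

A hit only means a service or driver entry is still registered; whether the product itself is installed still has to be checked in Programs and Features.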


----------



## computernoob1 (Aug 16, 2012)

some of the programs listed were not there
the mcafee wasn't there and the removal program said incomplete uninstallation because of an error obtaining full permissions for cleanup
combofix worked so that's good, took a long time though. this is the log:

ComboFix 12-09-06.01 - scott #1 09/09/2012 12:48:54.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5735.4113 [GMT 1:00]
Running from: C:\Users\scott #1\Downloads\ComboFix.exe
Command switches used :: C:\Users\scott #1\Downloads\ComboFix.exe 
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\ProgramData\CodecC\bhoclass.dll
---- Previous Run -------
C:\Program Files (x86)\alotappbar
C:\Program Files (x86)\alotappbar\alotUninst.exe
C:\Program Files (x86)\alotappbar\bin\alotappbar.dll
C:\Program Files (x86)\alotappbar\bin\alothelper.dll
C:\Program Files (x86)\alotappbar\bin\ALOTSettings.exe
C:\Program Files (x86)\alotappbar\bin\alotwidgets.exe
C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
C:\Program Files (x86)\Blinkx
C:\Program Files (x86)\Blinkx\blinkx.ico
C:\Program Files (x86)\Blinkx\blinkxss.exe
C:\Program Files (x86)\Blinkx\blinkxstop.exe
C:\Program Files (x86)\Blinkx\lang.dll
C:\Program Files (x86)\Blinkx\templates\beat.ico
C:\Program Files (x86)\Blinkx\templates\index.html
C:\Program Files (x86)\Blinkx\templates\noflash.html
C:\Program Files (x86)\Blinkx\templates\offline.html
C:\Program Files (x86)\Blinkx\templates\offline.swf
C:\Program Files (x86)\Blinkx\templates\uninstall.exe
C:\Program Files (x86)\Vid-Saver
C:\Program Files (x86)\Vid-Saver\Uninstall.exe
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
C:\Program Files (x86)\Vid-Saver\Vid-Saver.exe
C:\Program Files (x86)\Vid-Saver\Vid-Saver.ico
C:\Program Files (x86)\Vid-Saver\Vid-Saver.ini
C:\Program Files (x86)\Vid-Saver\Vid-SaverGui.exe
C:\Program Files (x86)\Vid-Saver\Vid-SaverInstaller.log
C:\ProgramData\22cd857d
C:\ProgramData\CodecC\bhoclass.dll
C:\ProgramData\NOTEPAD.EXE-x.txt
C:\ProgramData\P5p3M8Qj8NUsIk
C:\ProgramData\RUNDLL32.EXE-x.txt
C:\Users\scott #1\AppData\Local\Vid-Saver
C:\Users\scott #1\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
C:\Windows\SysWow64\URTTemp
C:\Windows\SysWow64\URTTemp\regtlib.exe

((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))

2012-09-09 12:04:13 . 2012-09-09 12:04:13 -------- d-----w- C:\Users\scottttt\AppData\Local\temp
2012-09-09 12:04:13 . 2012-09-09 12:04:13 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-09 12:04:13 . 2012-09-09 12:04:13 -------- d-----w- C:\Users\dad\AppData\Local\temp
2012-09-09 11:43:19 . 2012-09-09 11:43:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-09 11:43:08 . 2012-09-09 11:43:34 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-09 11:33:22 . 2012-09-09 11:33:22 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-09-09 11:27:53 . 2012-09-09 11:28:00 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-09-09 11:10:50 . 2012-09-09 11:10:50 -------- d-----w- C:\Users\scott #1\AppData\Roaming\Tunngle
2012-09-08 19:07:25 . 2012-09-08 19:07:45 -------- d-----w- C:\Users\scott #1\AppData\Local\ApplicationHistory
2012-09-02 12:27:25 . 2012-09-02 12:27:25 -------- d-----w- C:\Users\scott #1\New folder
2012-09-01 20:52:13 . 2012-09-01 20:52:13 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-09-01 20:50:59 . 2012-09-01 20:50:59 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-09-01 20:50:52 . 2012-09-01 20:52:25 -------- d-----w- C:\Program Files (x86)\Real
2012-08-17 17:44:58 . 2012-08-17 17:44:58 328704 ----a-w- C:\Windows\system32\services.exe.F1C598EDD8F802F7
2012-08-16 14:36:06 . 2012-08-17 21:55:34 -------- d-----w- C:\Windows\system32\MpEngineStore
2012-08-16 06:40:46 . 2012-08-16 06:40:46 328704 ----a-w- C:\Windows\system32\services.exe.9EEB48A02EB57BC2
2012-08-12 09:25:32 . 2012-08-12 09:25:53 -------- d--h--w- C:\ProgramData\Battle.net
2012-08-12 08:54:40 . 2012-08-12 09:43:19 -------- d--h--w- C:\ProgramData\Blizzard Entertainment
2012-08-12 08:54:39 . 2012-08-13 13:27:31 -------- d--h--w- C:\Program Files (x86)\StarCraft II
2012-08-11 21:03:46 . 2012-08-12 02:55:44 -------- d--h--w- C:\Users\scott #1\SC2-WingsOfLiberty-enGB-Installer
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-09-01 20:50:59 . 2003-02-21 04:42:22 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-26 15:33:50 . 2012-04-07 19:46:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-26 15:33:50 . 2011-12-19 21:06:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 02:03:23 . 2011-12-23 01:08:59 59701280 ----a-w- C:\Windows\system32\MRT.exe
2012-07-03 18:09:23 . 2012-06-10 14:48:03 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-07-03 18:09:22 . 2012-06-10 14:48:03 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-07-03 18:09:22 . 2012-06-10 14:48:02 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-06-12 03:08:36 . 2012-07-12 02:11:30 3148800 ----a-w- C:\Windows\system32\win32k.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll" [2011-05-09 08:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49:38 176936 ----a-w- C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 19:40:42 1492456 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 19:40:42 1492456]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll" [2011-05-09 08:49:38 176936]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 09:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 07:40:36 846936]
"Steam"="C:\Program Files (x86)\Steam\Steam.exe" [2012-08-04 12:12:23 1353080]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 03:58:00 39408]
"Spotify"="C:\Users\scott AAEEDE4C142BDF3BE599F2420CD531128EBB1ED1\AppData\Roaming\Spotify\Spotify.exe" [2012-08-26 15:52:53 5576408]
"Spotify Web Helper"="C:\Users\scott B0BC86120588D517ACD0BE21A31590B8BB4CBF67\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-26 15:52:52 1193176]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 09:39:48 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 20:51:36 35768]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
"ITSecMng"="C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 15:42:08 80840]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 13:45:54 1295736]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 17:22:24 91520]
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 19:40:52 395240]
"Reader Library Launcher"="C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 01:34:46 906648]
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 23:08:12 1259376]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 19:55:54 49208]
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-09-01 20:51:03 296096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 07:40:36 846936]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-5-9 2750376]
Toshiba Places Icon Utility.lnk - C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56:49 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 12:28:36 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 15:35:46 250056]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56:49 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 17:51:12 30963576]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 19:44:12 98688]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 17:49:56 291696]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 21:34:24 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2010-12-01 14:12:06 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 12:40:04 307304]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 21:01:11 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 21:01:11 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 21:01:11 740864]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 07:02:42 31232]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 07:25:36 112080]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 13:45:52 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 13:42:54 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 09:46:14 828856]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-12 18:59:09 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:39:20 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]
S0 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 12:51:26 63960]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-06-28 20:49:40 204288]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 14:44:40 249200]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 16:51:20 46448]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 14:22:40 822624]
S2 NAUpdate;Nero Update;c:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-29 13:33:08 598312]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 08:30:18 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-12-08 13:55:26 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 17:15:22 14472]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2011-06-28 22:12:30 9371136]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2011-06-28 20:11:22 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2010-09-24 05:46:32 116752]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\system32\DRIVERS\btfilter.sys [2010-10-18 12:14:02 42096]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 09:29:10 77424]
S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys [2011-02-08 17:07:00 38096]
S3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\drivers\QIOMem.sys [2009-06-15 11:58:50 12800]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 08:30:10 764264]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 08:30:18 268648]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 08:30:18 25960]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 08:30:22 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 08:30:22 219496]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [2009-06-05 02:53:42 34872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 00:07:28 17920]

Contents of the 'Scheduled Tasks' folder
2012-09-07 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 19:46:38 . 2012-08-26 15:35:46]
2012-09-02 C:\Windows\Tasks\Driver Robot.job
- C:\Program Files (x86)\Driver Robot\Driver Robot.lnk [2012-07-30 19:49:51 . 2012-07-30 19:49:51]
2012-09-06 C:\Windows\Tasks\DriverUpdate Startup.job
- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2012-07-02 14:12:14 . 2012-07-02 14:12:14]
2012-09-06 C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd603c7bcd7c55.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56:51 . 2011-08-03 03:56:49]
2012-09-07 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56:51 . 2011-08-03 03:56:49]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 07:25:42 1546720]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 11:07:22 316032]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 13:43:12 710040]
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 12:31:34 24376]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaReminder.exe" [2011-08-03 04:11:50 150992]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2012-03-26 17:54:34 1271168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
------- Supplementary Scan -------
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
- - - - ORPHANS REMOVED - - - -
BHO-{3EC9FE54-C6BD-4C5A-B7F5-A50433C87C0F} - C:\ProgramData\CodecC\bhoclass.dll
BHO-{56FD8D70-0AA2-443F-A549-A4651A8D0AA7} - C:\ProgramData\CodecC\bhoclass.dll
BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
Toolbar-Locked - (no file)
Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
Wow6432Node-HKCU-Run-Hide IP Easy - C:\Program Files (x86)\HideIPEasy\HideIPEasy.exe
Wow6432Node-HKCU-Run-Auto Hide IP - C:\Program Files (x86)\AutoHideIP\AutoHideIP.exe
Wow6432Node-HKCU-Run-Super Hide IP - C:\Program Files (x86)\SuperHideIP\SuperHideIP.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-TosNC - C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - C:\Program Files (x86)\Coupons\uninstall.exe
AddRemove-Digital Editions - C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - C:\Program Files (x86)\Electronic Arts\The Lord of the Rings
AddRemove-blinkx beat - C:\Program Files (x86)\Blinkx\templates\uninstall.exe


----------



## computernoob1 (Aug 16, 2012)

just another thing, now all my programs say illegal activities or something like that whenever i try to open them i needed to move the lo


----------



## computernoob1 (Aug 16, 2012)

sorry pressed something by mistake to move the log onto another computer before i could open it


----------



## Mark1956 (May 7, 2011)

If you look back at the instructions for running Combofix you will see a NOTE about the illegal activity warning. Just reboot the computer and that will not re-appear.

We have got rid of a lot of dubious toolbars and now have only one Anti Virus. Also, Combofix has removed a good number of bad files. The problem with the McAfee removal tool is of no concern.

You have not copied the entire log from Combofix. Please post it again and make sure you copy the log all the way to the end.

How well is the PC running now and do you have an internet connection back?

If the Internet connection has not recovered please follow these instructions:

Please download *Farbar Service Scanner* and run it on the computer with the issue.
*Make sure the following options are checked:*

*Internet Services*
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## computernoob1 (Aug 16, 2012)

That was the whole log,
and here is the one about the internet connection log:
Farbar Service Scanner Version: 06-08-2012
Ran by scott #1 (administrator) on 09-09-2012 at 15:17:41
Running from "C:\Users\scott #1\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Mark1956 (May 7, 2011)

Ok, something went wrong when Combofix was creating its log as that is not complete, the last line should read something like this:

- - End Of File - - 995C3E3322F7D26FC19B938E30797B65

Have another look and make sure you are scrolling to the bottom, if there is no more of it then please run it again and post the next log. Please make sure you disable MSE before you run it. Click on the icon in your toolbar and click on OPEN when it appears, click on the Settings tab and then Realtime protection in the left pane then uncheck the box in the right pane and close the window.

Now to try and fix your internet connection.

Please download the attached zip file and transfer it to the faulty PC and save it to the desktop. Right click on it and select WinZip > Extract Here. Then double click on the extracted file and select Run, accept any prompts to allow it to merge with the Registry, reboot and see how the internet is now. If still not back on-line, run the Farbar Service Scanner again and post the new log.


----------



## computernoob1 (Aug 16, 2012)

The shared access said error accessing the registry, and here's the new combo fix 1
ComboFix 12-09-06.01 - scott #1 09/09/2012 17:38:29.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5735.4284 [GMT 1:00]
Running from: c:\users\scott #1\Downloads\ComboFix.exe
Command switches used :: c:\users\scott #1\Downloads\ComboFix.exe 
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\CodecC\bhoclass.dll
.
---- Previous Run -------
.
c:\programdata\CodecC\bhoclass.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 16:55 . 2012-09-09 16:55 -------- d-----w- c:\users\scottttt\AppData\Local\temp
2012-09-09 16:55 . 2012-09-09 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 16:55 . 2012-09-09 16:55 -------- d-----w- c:\users\dad\AppData\Local\temp
2012-09-09 11:43 . 2012-09-09 11:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-09 11:43 . 2012-09-09 11:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-09 11:33 . 2012-09-09 11:33 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-09-09 11:27 . 2012-09-09 11:28 -------- d-----w- c:\program files (x86)\CheckPoint
2012-09-09 11:10 . 2012-09-09 11:10 -------- d-----w- c:\users\scott #1\AppData\Roaming\Tunngle
2012-09-08 19:07 . 2012-09-08 19:07 -------- d-----w- c:\users\scott #1\AppData\Local\ApplicationHistory
2012-09-02 12:27 . 2012-09-02 12:27 -------- d-----w- c:\users\scott #1\New folder
2012-09-01 20:52 . 2012-09-01 20:52 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-09-01 20:50 . 2012-09-01 20:50 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-09-01 20:50 . 2012-09-01 20:52 -------- d-----w- c:\program files (x86)\Real
2012-08-17 17:44 . 2012-08-17 17:44 328704 ----a-w- c:\windows\system32\services.exe.F1C598EDD8F802F7
2012-08-16 14:36 . 2012-08-17 21:55 -------- d-----w- c:\windows\system32\MpEngineStore
2012-08-16 06:40 . 2012-08-16 06:40 328704 ----a-w- c:\windows\system32\services.exe.9EEB48A02EB57BC2
2012-08-12 09:25 . 2012-08-12 09:25 -------- d-----w- c:\programdata\Battle.net
2012-08-12 08:54 . 2012-08-12 09:43 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-08-12 08:54 . 2012-08-13 13:27 -------- d-----w- c:\program files (x86)\StarCraft II
2012-08-11 21:03 . 2012-08-12 02:55 -------- d-----w- c:\users\scott #1\SC2-WingsOfLiberty-enGB-Installer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 20:50 . 2003-02-21 04:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-26 15:33 . 2012-04-07 19:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 15:33 . 2011-12-19 21:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 02:03 . 2011-12-23 01:08 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 18:09 . 2012-06-10 14:48 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-07-03 18:09 . 2012-06-10 14:48 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-07-03 18:09 . 2012-06-10 14:48 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2012-06-12 03:08 . 2012-07-12 02:11 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( [email protected]_12.06.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-09 16:58 79116 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-09 16:34 62106 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-29 22:04 . 2012-09-09 16:34 17824 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-794785944-1427257573-3050441696-1004_UserData.bin
- 2011-12-11 15:27 . 2012-09-06 17:00 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-11 15:27 . 2012-09-09 12:42 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-11 15:27 . 2012-09-09 12:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-11 15:27 . 2012-09-06 17:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-09 12:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-06 17:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-09 16:56 . 2012-09-09 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-09 12:05 . 2012-09-09 12:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-09 16:56 . 2012-09-09 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-09 12:05 . 2012-09-09 12:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-09-09 12:04 386720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-09 16:55 386720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-21 20:06 . 2012-09-09 12:04 3499360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-21 20:06 . 2012-09-09 15:25 3499360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-29 22:17 . 2012-09-09 16:55 11805624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-794785944-1427257573-3050441696-1004-8192.dat
- 2012-01-29 22:17 . 2012-09-09 12:04 11805624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-794785944-1427257573-3050441696-1004-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files (x86)\uTorrentControl\prxtbuToerror.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3EC9FE54-C6BD-4C5A-B7F5-A50433C87C0F}]
c:\programdata\CodecC\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{56FD8D70-0AA2-443F-A549-A4651A8D0AA7}]
c:\programdata\CodecC\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 19:40 1492456 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl\prxtbuToerror.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1492456]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [BU]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files (x86)\uTorrentControl\prxtbuToerror.dll" [2011-05-09 176936]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Hide IP Easy"="c:\program files (x86)\HideIPEasy\HideIPEasy.exe" [BU]
"Auto Hide IP"="c:\program files (x86)\AutoHideIP\AutoHideIP.exe" [BU]
"Super Hide IP"="c:\program files (x86)\SuperHideIP\SuperHideIP.exe" [BU]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 39408]
"Spotify"="c:\users\scott AAEEDE4C142BDF3BE599F2420CD531128EBB1ED1\AppData\Roaming\Spotify\Spotify.exe" [2012-08-26 5576408]
"Spotify Web Helper"="c:\users\scott B0BC86120588D517ACD0BE21A31590B8BB4CBF67\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-26 1193176]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395240]
"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [BU]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-09-01 296096]
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-5-9 2750376]
Toshiba Places Icon Utility.lnk - c:\program files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-12 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-28 204288]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-28 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-28 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-06-15 12800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:35]
.
2012-09-02 c:\windows\Tasks\Driver Robot.job
- c:\program files (x86)\Driver Robot\Driver Robot.lnk [2012-07-30 19:49]
.
2012-09-06 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2012-07-02 14:12]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd603c7bcd7c55.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2011-08-03 150992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-794785944-1427257573-3050441696-1004\Software\SecuROM\License information*]
"datasecu"=hex:32,fa,45,99,b2,5f,36,9c,4f,67,cc,c3,03,6a,b6,9f,a6,b7,e8,02,ba,
77,cd,e8,7c,13,30,46,1d,59,a5,aa,d6,dd,16,9e,27,42,98,64,8c,2f,e7,9a,92,7f,\
"rkeysecu"=hex:c5,c2,ec,be,43,f5,91,58,1f,aa,d6,96,7d,84,a8,41
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-09 18:06:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 17:06
.
Pre-Run: 42,168,127,488 bytes free
Post-Run: 42,066,604,032 bytes free
.
- - End Of File - - 6DAD704407E31208531E12FB1A4EE9F9


----------



## Mark1956 (May 7, 2011)

Download this and save it to the desktop: Windows Repair
Run the tool and click on the *Step 3* tab to run the System File Checker.

When complete click on the tab *Start Repairs*, leave all the items in the list selected and click on the *Start* button. You will see quite a lot of activity, don't interfere with it in any way and leave it to complete and reboot the system.

Once the above is completed try to use the registry fix again.


----------



## computernoob1 (Aug 16, 2012)

I did what you said but still no internet


----------



## Mark1956 (May 7, 2011)

Did you do this:


> Once the above is completed try to use the registry fix again.


If not, please do it, and if it failed again please tell me exactly what the error message says. Try it again if you need to and take a note of the error.


----------



## computernoob1 (Aug 16, 2012)

It did not fail, there was no error message, but I still don't have any internet


----------



## Mark1956 (May 7, 2011)

Please run the Farbar Service Scanner again with the following options checked:

*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*
*Windows Defender*
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## Mark1956 (May 7, 2011)

In addition to the above also try this:

*Winsock repair.*

Click on Start and type *cmd* into the search box.
When the menu pops up right click on *CMD* and then click on *Run as Administrator*.
The Command Prompt box will open. Copy and Paste this command at the flashing cursor and hit the Enter key:
*netsh winsock reset*
You should see confirmation that the *Winsock Catalog* has been reset, if not please post what you do see.
Close the window and reboot the PC and check for internet connection.


----------



## computernoob1 (Aug 16, 2012)

All it says is specific folder can not be found, as the flashing cursor is in front of c:/windows/system32>


----------



## computernoob1 (Aug 16, 2012)

No, sorry: the system cannot find the file specified


----------



## computernoob1 (Aug 16, 2012)

This is the Farbar log:
Farbar Service Scanner Version: 06-08-2012
Ran by scott #1 (administrator) on 13-09-2012 at 16:09:10
Running from "C:\Users\scott #1\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
Firewall Disabled Policy: 
==================

System Restore:
============
System Restore Disabled Policy: 
========================

Action Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Mark1956 (May 7, 2011)

Well, looks like the Shared Access fix worked, but the log shows there is a problem with the BITS service and reports it as not running.

Click on Start and then type *services.msc* into the search box and hit the Enter key.

Scroll down the list and double click on Background Intelligent Transfer Service.

When the box opens check that the Start Type is set to Automatic, if it isn't, change it and click on Apply.

Reboot the PC and run the same scan again with Farbar Service Scanner and post the log, also let me know if your Internet is still off.


----------



## computernoob1 (Aug 16, 2012)

SORRY but i couldn't find the Background Intelligent Transfer Service. it wasn't in the list there was only 1 for services.msc and it wasn't in services


----------



## Mark1956 (May 7, 2011)

Download this: BITS Reg fix and save it to the desktop.
Double click on the file and select *Run*, accept any warnings. Once done reboot the PC. 
Check to see if the service is now there.


----------



## computernoob1 (Aug 16, 2012)

still not there


----------



## Mark1956 (May 7, 2011)

I've just looked back to post 59 where you said this:


> SORRY but i couldn't find the Background Intelligent Transfer Service. it wasn't in the list there was only 1 for services.msc and it wasn't in services


Are you actually looking in services? I'm not clear on what you mean by _"there was only 1 for services.msc and it wasn't in services"_

The window you should be looking in should appear like the attachment.


----------



## computernoob1 (Aug 16, 2012)

oooooooooohhhhhhh i'm so stupid ye i see it but when i try to open services a window pops up saying class not registered


----------



## Mark1956 (May 7, 2011)

Ok, I appreciate it is easy to misunderstand.

Let's try again, click on the Start button, bottom left corner of the desktop.
Type services.msc and click on the Enter key on your keyboard, you should then see the same as I posted in the attachment, no need to click on anything else.

Just tell me if you see the Background Intelligent Service in the list, in my screenshot it is showing between ASP.NET and Base Filtering...

In my screen shot the column 'Startup type' shows Manual, what does yours show?


----------



## computernoob1 (Aug 16, 2012)

once i press enter though a message saying class not registered pops up


----------



## Mark1956 (May 7, 2011)

Ok, it sounds like your registry is damaged. Do you have a Windows 7 installation DVD?


----------



## computernoob1 (Aug 16, 2012)

no i got it with the computer


----------



## Mark1956 (May 7, 2011)

Ok, if crucial system files have been damaged there may not be a way out of this other than doing a re-install, as a precaution make sure you have all your important data backed up to an external source.

There are a few things we can try but the options are limited.

Please follow this to run the PC in a Clean Boot state.

*Selective Startup (Clean Boot)*
I would recommend you print out these instructions. 

Click on *Start*, then type *msconfig* into the *Search* box and hit the *Enter* key.
This screen should appear with the settings as shown:

Click on the Services tab and you should see this, click on the box next to *Hide all Microsoft Services* so a check mark appears.

Now click on the General tab and check the boxes as shown:

When done click on *Apply* and then *OK*.
The window will close and you will see a notification with two choices, click on *Restart*.

When the system has booted back up try and open services.msc as before and tell me what happens.

If it produces the same error message try opening it this way:

Click on Start, type cmd into the box, when the menu pops up right click on cmd at the top of the box and then click on Run as Administrator.

When the Command Prompt opens type services.msc at the prompt and hit the Enter key. Tell me what happens.


----------



## computernoob1 (Aug 16, 2012)

ok i did what you said but both ways gave an error message saying class not registered


----------



## Mark1956 (May 7, 2011)

Ok, there is one other way to get into the Services window. Click on Start then Control Panel and Administrative tools, you should see a window like the attachment. Look for Services, if it is there double click on it and it should open. Let me know what happens.

If this still fails to get you into Services please run Farbar Service Scanner again following the instructions I gave in post 53.


----------



## Mark1956 (May 7, 2011)

Three days have passed without a reply so I am now marking this thread as resolved. Take note that the clean-up is not complete so your PC may still be infected and/or vulnerable to further infection.

If you do wish to continue then please post back and let me know.

My spare time is limited for dealing with Malware problems so I will only subscribe to a certain number of threads at any one time to be sure I have sufficient time available to analyse logs without having to rush or delay my replies. All the time that I am waiting for replies is time I could be using to help someone else.


----------



## computernoob1 (Aug 16, 2012)

i'm so sorry i left the laptop at my parents house and only managed to get it today 
so it did not let me on the other way so i followed the instructions in post 53 and here is my log
Farbar Service Scanner Version: 06-08-2012
Ran by scott #1 (administrator) on 22-09-2012 at 17:07:57
Running from "C:\Users\scott #1\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
Firewall Disabled Policy: 
==================

System Restore:
============
System Restore Disabled Policy: 
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Mark1956 (May 7, 2011)

> i'm so sorry i left the laptop at my parents house and only managed to get it today
> so it did not let me on the other way so i followed the instructions in post 53 and here is my log


Ok, no problem with the delay but please keep me advised if there is a problem replying.

When you went into the Administrative Tools was Services in the list? If it was there, what happened when you clicked on it?

The Farbar Service scanner shows the repairs done so far have worked which is a small step in the right direction.

I would like to see the log from the System File Checker you ran earlier with Windows Repair.

First hit the Start button and type *cmd* into the search box then as the window pops up right click on *cmd* and select *Run as Administrator*.

*To find the log*

Copy & Paste the following command at the Command Prompt and press Enter:
*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*
This will place a file on your desktop called *sfcdetails.txt* which contains the results of the scan.
Zip up the file and attach it to your next post.


----------
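
Mark1956 reads the two Farbar Service Scanner logs above by eye: the BITS problem in the first, and "the repairs done so far have worked" for the second. As an added example (not part of any post in this thread and not Farbar's code), this Python script pulls the flagged lines out of each log and diffs the two scans; the function names and finding labels such as `attention` and `policy_value` are assumptions made for the example, and the log text is a trimmed copy of what was posted.

```python
import re

# Trimmed excerpts of the two Farbar Service Scanner logs posted in this thread.
# The 22-09-2012 log equals the 13-09-2012 one minus the four BITS lines.
HEAD = r"""Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors

Windows Update:
============
"""
BITS = r"""BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

"""
TAIL = r"""Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
"""
LOG_BEFORE = HEAD + BITS + TAIL  # scan of 13-09-2012
LOG_AFTER = HEAD + TAIL          # scan of 22-09-2012

UNDERLINE = re.compile(r"^=+$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
ACCESS_ERR = re.compile(r"^Attempt to access (\S+) returned error: (.+)$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')


def parse_fss(text):
    """Return the set of (section, kind, detail) findings in an FSS log."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings, section, reg_key = set(), "", None
    for i, line in enumerate(lines):
        if not line or UNDERLINE.match(line):
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if UNDERLINE.match(nxt):          # a title underlined with '='
            section, reg_key = line.rstrip(": "), None
            continue
        if "ATTENTION!" in line:
            kind, detail = "attention", line.split("ATTENTION!", 1)[1].lstrip("=> ")
        elif m := NOT_RUNNING.match(line):
            kind, detail = "service_not_running", m.group(1)
        elif (m := START_TYPE.match(line)) and m.group(2) != m.group(3):
            kind, detail = "start_type", "%s: %s (default %s)" % m.groups()
        elif line == "There is no connection to network.":
            kind, detail = "connectivity", line
        elif m := ACCESS_ERR.match(line):
            kind, detail = "connectivity", "%s: %s" % m.groups()
        elif m := REG_KEY.match(line):
            reg_key = m.group(1)          # remember the key for its values
            continue
        elif (m := REG_VALUE.match(line)) and reg_key and section.endswith("Policy"):
            kind, detail = "policy_value", "%s\\%s=%s:%s" % (reg_key, *m.groups())
        elif section == "File Check" and not line.endswith("MD5 is legit"):
            # Assumption: any verdict other than the "MD5 is legit" seen in
            # this thread deserves a manual look.
            kind, detail = "file_check", line
        else:
            continue
        findings.add((section, kind, detail))
    return findings


def compare(before, after):
    """Diff two scans: findings that cleared, appeared, or are still present."""
    b, a = parse_fss(before), parse_fss(after)
    return {"cleared": sorted(b - a), "new": sorted(a - b),
            "remaining": sorted(b & a)}


if __name__ == "__main__":
    for status, items in compare(LOG_BEFORE, LOG_AFTER).items():
        for section, kind, detail in items:
            print(f"{status:9} [{section}] {kind}: {detail}")
```

On these two scans the BITS findings land under `cleared`, while the connectivity, WinDefend and `DisableAntiSpyware` findings stay under `remaining`.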



## computernoob1 (Aug 16, 2012)

the services was there but the same message popped up saying class not registered and when i put in *findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt* to cmd it said "findstr:cannot open desktop/sfcdetails.txt" and it wasn't on my desktop


----------



## Mark1956 (May 7, 2011)

Certainly sounds like your registry is damaged somewhere and it could be that the only solution is a reinstall as I had mentioned earlier.

Please run the following so I may see if there might be an easier way out of this.

Please download MiniToolBox and save it to your desktop.
Double click on the MiniToolBox icon.

You will now see the following window appear.

Click on each of the boxes as indicated in the list below, then click on the *GO* button.
Copy & Paste the contents of the report that appears into your next post, you can also find a copy of the report on your desktop (Result.txt).

•Flush DNS
•Report IE Proxy Settings
•Report FF Proxy Settings
•List content of Hosts
•List IP configuration
•List Winsock Entries
•List last 10 Event Viewer log
•List Minidump Files

Please also run DDS and post the new logs from it, DDS.txt and Attach.txt.


----------



## computernoob1 (Aug 16, 2012)

no problems this is the toolbox log:
MiniToolBox by Farbar Version: 23-07-2012
Ran by scott #1 (administrator) on 25-09-2012 at 11:02:07
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.

========================= IE Proxy Settings: ============================== 
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset

popd
# End of IPv4 configuration

Windows IP Configuration
Host Name . . . . . . . . . . . . : scottwhitetop
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 82-CA-94-69-6E-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
Physical Address. . . . . . . . . : E0-CA-94-69-6E-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e02c:5b18:4434:b4ed%12(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.180.237(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DHCPv6 IAID . . . . . . . . . . . : 434162324
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-0B-F8-CD-E8-9A-8F-D3-C0-58
DNS Servers . . . . . . . . . . . : fe80::1%12
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : E8-9A-8F-D3-C0-58
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{2B694762-3605-45DB-8BAD-4DABEABF4970}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{549F7BF1-5C95-4931-B448-D7315C4ACEB7}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{D6E5327C-3789-4FAA-A541-45F910D61C47}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fe80::1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fe80::1
Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: fe80::1
Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Pinging with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for €O$¦ç˜˜˜-:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...82 ca 94 69 6e f2 ......Microsoft Virtual WiFi Miniport Adapter
12...e0 ca 94 69 6e f2 ......Atheros AR9002WB-1NG Wireless Network Adapter
11...e8 9a 8f d3 c0 58 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.180.237 281
169.254.180.237 255.255.255.255 On-link 169.254.180.237 281
169.254.255.255 255.255.255.255 On-link 169.254.180.237 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.180.237 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.180.237 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::e02c:5b18:4434:b4ed/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
========================= Event log errors: ===============================
Application errors:
==================
Error: (09/25/2012 10:56:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: game.dat, version: 2.1.2614.37001, time stamp: 0x460da09e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
Exception code: 0x04560123
Fault offset: 0x0000b9bc
Faulting process id: 0x8b0
Faulting application start time: 0xgame.dat0
Faulting application path: game.dat1
Faulting module path: game.dat2
Report Id: game.dat3
Error: (09/25/2012 08:53:05 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (09/24/2012 11:02:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: game.dat, version: 2.1.2614.37001, time stamp: 0x460da09e
Faulting module name: game.dat, version: 2.1.2614.37001, time stamp: 0x460da09e
Exception code: 0xc0000005
Fault offset: 0x0003396f
Faulting process id: 0x780
Faulting application start time: 0xgame.dat0
Faulting application path: game.dat1
Faulting module path: game.dat2
Report Id: game.dat3
Error: (09/24/2012 06:22:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: game.dat, version: 2.1.2614.37001, time stamp: 0x460da09e
Faulting module name: game.dat, version: 2.1.2614.37001, time stamp: 0x460da09e
Exception code: 0xc0000005
Fault offset: 0x0003396f
Faulting process id: 0x9ec
Faulting application start time: 0xgame.dat0
Faulting application path: game.dat1
Faulting module path: game.dat2
Report Id: game.dat3
Error: (09/23/2012 11:08:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: game.dat, version: 2.1.2614.37001, time stamp: 0x460da09e
Faulting module name: game.dat, version: 2.1.2614.37001, time stamp: 0x460da09e
Exception code: 0xc0000005
Fault offset: 0x005a1d73
Faulting process id: 0x574
Faulting application start time: 0xgame.dat0
Faulting application path: game.dat1
Faulting module path: game.dat2
Report Id: game.dat3
Error: (09/23/2012 03:25:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: game.dat, version: 2.1.2614.37001, time stamp: 0x460da09e
Faulting module name: game.dat, version: 2.1.2614.37001, time stamp: 0x460da09e
Exception code: 0xc0000094
Fault offset: 0x002b4ea4
Faulting process id: 0x998
Faulting application start time: 0xgame.dat0
Faulting application path: game.dat1
Faulting module path: game.dat2
Report Id: game.dat3
Error: (09/23/2012 01:12:20 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (09/23/2012 01:02:14 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error: (09/23/2012 01:02:14 PM) (Source: WinMgmt) (User: )
Description: 0x80040154
Error: (09/23/2012 01:02:12 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out

System errors:
=============
Error: (09/25/2012 10:53:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/25/2012 10:43:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/25/2012 10:33:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/25/2012 10:23:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/25/2012 10:13:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/25/2012 10:03:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/25/2012 09:53:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/25/2012 09:43:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/25/2012 09:33:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/25/2012 09:23:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (09/25/2012 10:56:46 AM) (Source: Application Error)(User: )
Description: game.dat2.1.2614.37001460da09eKERNELBASE.dll6.1.7601.176514e211319045601230000b9bc8b001cd9aa4d7da09cfC:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.datC:\Windows\syswow64\KERNELBASE.dll5097413a-06f7-11e2-9628-e89a8fd3c058
Error: (09/25/2012 08:53:05 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (09/24/2012 11:02:08 PM) (Source: Application Error)(User: )
Description: game.dat2.1.2614.37001460da09egame.dat2.1.2614.37001460da09ec00000050003396f78001cd9a797d9564adC:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.datC:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat7b7ef6a0-0693-11e2-9628-e89a8fd3c058
Error: (09/24/2012 06:22:24 PM) (Source: Application Error)(User: )
Description: game.dat2.1.2614.37001460da09egame.dat2.1.2614.37001460da09ec00000050003396f9ec01cd99d87bd83ff7C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.datC:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat6762e30e-066c-11e2-9628-e89a8fd3c058
Error: (09/23/2012 11:08:57 PM) (Source: Application Error)(User: )
Description: game.dat2.1.2614.37001460da09egame.dat2.1.2614.37001460da09ec0000005005a1d7357401cd99976ec4c0d7C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.datC:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat44cc415c-05cb-11e2-9628-e89a8fd3c058
Error: (09/23/2012 03:25:30 PM) (Source: Application Error)(User: )
Description: game.dat2.1.2614.37001460da09egame.dat2.1.2614.37001460da09ec0000094002b4ea499801cd999197c4b9caC:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.datC:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat863d505b-058a-11e2-9628-e89a8fd3c058
Error: (09/23/2012 01:12:20 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (09/23/2012 01:02:14 PM) (Source: SecurityCenter)(User: )
Description: 
Error: (09/23/2012 01:02:14 PM) (Source: WinMgmt)(User: )
Description: 0x80040154
Error: (09/23/2012 01:02:12 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out

=========================== Installed Programs ============================
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (Version: 15.4.5722.2)
Adobe AIR (Version: 3.2.0.2070)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000)
Age of Mythology Gold Edition 1.00
AMD Media Foundation Decoders (Version: 1.0.60628.2255)
AMD USB Filter Driver (Version: 1.0.13.88)
AMD VISION Engine Control Center (Version: 2011.0628.2340.40663)
Atheros Bluetooth Filter Driver Package (Version: 1.00.0004)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.1.42)
Atheros Driver Installation Program (Version: 9.2)
ATI Catalyst Install Manager (Version: 3.0.829.0)
BBC iPlayer Desktop (Version: 3.2.14)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.97)
Bing Bar (Version: 6.3.2291.0)
Bing Bar Platform (Version: 6.3.2291.0)
blinkx beat (Version: 1.5.0)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.09(T))
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0628.2340.40663)
Catalyst Control Center InstallProxy (Version: 2011.0628.2340.40663)
Catalyst Control Center Localization All (Version: 2011.0628.2340.40663)
ccc-utility64 (Version: 2011.0628.2340.40663)
CCC Help Chinese Standard (Version: 2011.0628.2339.40663)
CCC Help Chinese Traditional (Version: 2011.0628.2339.40663)
CCC Help Czech (Version: 2011.0628.2339.40663)
CCC Help Danish (Version: 2011.0628.2339.40663)
CCC Help Dutch (Version: 2011.0628.2339.40663)
CCC Help English (Version: 2011.0628.2339.40663)
CCC Help Finnish (Version: 2011.0628.2339.40663)
CCC Help French (Version: 2011.0628.2339.40663)
CCC Help German (Version: 2011.0628.2339.40663)
CCC Help Greek (Version: 2011.0628.2339.40663)
CCC Help Hungarian (Version: 2011.0628.2339.40663)
CCC Help Italian (Version: 2011.0628.2339.40663)
CCC Help Japanese (Version: 2011.0628.2339.40663)
CCC Help Korean (Version: 2011.0628.2339.40663)
CCC Help Norwegian (Version: 2011.0628.2339.40663)
CCC Help Polish (Version: 2011.0628.2339.40663)
CCC Help Portuguese (Version: 2011.0628.2339.40663)
CCC Help Russian (Version: 2011.0628.2339.40663)
CCC Help Spanish (Version: 2011.0628.2339.40663)
CCC Help Swedish (Version: 2011.0628.2339.40663)
CCC Help Thai (Version: 2011.0628.2339.40663)
CCC Help Turkish (Version: 2011.0628.2339.40663)
Chicken Invaders 3 - Revenge of the Yolk (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
CodecC (Version: )
Conexant HD Audio (Version: 8.51.1.0)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
DC Universe Online Live
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Disney Pirates of the Caribbean Online (Version: )
DivX Setup (Version: 2.6.1.9)
Driver Robot
DriverUpdate (Version: 2.2.21932)
Fable III (Version: 1.0.0000.131)
Fable III (Version: 1.0.0002.131)
FATE (Version: 2.2.0.97)
Final Drive: Nitro (Version: 2.2.0.95)
FriendsChecker (Version: 2.4.53652)
Funmoods on IE and Chrome
GameSpy Arcade
Google Chrome (Version: 21.0.1180.89)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
High-Definition Video Playback (Version: 7.3.10900.8.0)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
Insaniquarium Deluxe (Version: 2.2.0.97)
iNTERNET Turbo (Version: 1.0.1.22)
Junk Mail filter update (Version: 15.4.3502.0922)
MagicDisc 2.7.106
Medieval II Total War (Version: 1.03.000)
Medieval II Total War : Kingdoms : Americas (Version: 1.05.000)
Medieval II Total War : Kingdoms : Britannia (Version: 1.05.000)
Medieval II Total War : Kingdoms : Crusades (Version: 1.05.000)
Medieval II Total War : Kingdoms : Teutonic (Version: 1.05.000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 9.0.21022)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero BackItUp 10 (Version: 5.8.10900.8.100)
Nero BackItUp 10 Help (CHM) (Version: 10.6.10700)
Nero BurnRights 10 (Version: 4.4.10400.2.100)
Nero BurnRights 10 Help (CHM) (Version: 10.6.10700)
Nero Control Center 10 (Version: 10.6.12700.0.7)
Nero ControlCenter 10 Help (CHM) (Version: 10.6.10800)
Nero Core Components 10 (Version: 2.0.20000.9.12)
Nero Express 10 (Version: 10.6.10700.5.100)
Nero Express 10 Help (CHM) (Version: 10.6.10700)
Nero InfoTool 10 (Version: 7.4.10300.1.100)
Nero InfoTool 10 Help (CHM) (Version: 10.6.10700)
Nero Kwik Media (Version: 1.6.15100.59.100)
Nero Multimedia Suite 10 Essentials (Version: 10.6.10300)
Nero RescueAgent 10 (Version: 3.6.10500.3.100)
Nero RescueAgent 10 Help (CHM) (Version: 10.6.10800)
Nero StartSmart 10 (Version: 10.6.10500.3.100)
Nero StartSmart 10 Help (CHM) (Version: 10.6.10700)
Nero Update (Version: 1.0.10900.31.0)
NeroKwikMedia Help (CHM) (Version: 10.6.10900)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Pokemon Black & White PC [Hyperdrive25]
Polar Bowler (Version: 2.2.0.97)
PoxNora 1.4.7.0 (Version: 1.4.7.0)
Reader Library by Sony (Version: 3.3.00.07130)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
Realtek USB 2.0 Reader Driver (Version: 1.0.0.14)
RealUpgrade 1.1 (Version: 1.1.0)
Search-Results Toolbar (Version: 1.12.2.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.10 (Version: 5.10.116)
Slingo Deluxe (Version: 2.2.0.95)
SPORE™ (Version: 1.04.0000)
SPORE™ Creepy & Cute Parts Pack (Version: 1.00.0000)
SPORE™ Galactic Adventures (Version: 1.00.0000)
Spotify (Version: 0.8.4.124.ga3559d86)
Star wars Battlefront II version 1.3 (Version: 1.3)
StarCraft II (Version: 1.5.1.22763)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
The Battle for Middle-earth (tm) II
The Last Hope of the Third Age
The Lord of the Rings, The Rise of the Witch-king
The Lord of the Rings: War in the North
TOSHIBA Assist (Version: 4.02.02)
TOSHIBA Bulletin Board (Version: 2.1.10.64)
TOSHIBA ConfigFree (Version: 8.0.39)
TOSHIBA Disc Creator (Version: 2.1.0.6 for x64)
TOSHIBA eco Utility (Version: 1.2.23.64)
TOSHIBA Face Recognition (Version: 3.1.8.64)
TOSHIBA Hardware Setup (Version: 4.09.01.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7)
Toshiba Manuals (Version: 10.02)
TOSHIBA Online Product Information (Version: 4.01.0000)
TOSHIBA PC Health Monitor (Version: 1.7.9.64M)
TOSHIBA Places Icon Utility (Version: 1.1.1.4)
TOSHIBA Recovery Media Creator (Version: 2.1.3.10010)
TOSHIBA Recovery Media Creator Reminder (Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Sleep Utility (Version: 1.4.2.8)
TOSHIBA Supervisor Password (Version: 4.09.01.00)
TOSHIBA TEMPRO (Version: 3.35)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA Web Camera Application (Version: 2.0.0.25)
TOSHIBA Wireless LAN Indicator (Version: 1.0.4)
TRORMCLauncher (Version: )
TRORMCLauncher (Version: 1.0.0.10)
Tweaking.com - Windows Repair (All in One) (Version: 1.8.0)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update Installer for WildTangent Games App
uTorrentControl Toolbar (Version: 6.8.5.1)
uTorrentControl2 Toolbar (Version: 6.8.11.4)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.1.11 (Version: 1.1.11)
Warcraft III
Wedding Dash 2 - Rings Around the World (Version: 2.2.0.95)
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (Version: 4.0.5.36)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
ZoneAlarm LTD Toolbar
Zuma Deluxe (Version: 2.2.0.95)
========================= Devices: ================================
Could not list devices.
========================= Memory info: ===================================
Percentage of memory in use: 17%
Total physical RAM: 5734.87 MB
Available physical RAM: 4732.44 MB
Total Pagefile: 11467.93 MB
Available Pagefile: 10432.75 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.45 MB
========================= Partitions: =====================================
1 Drive c: (WINDOWS) (Fixed) (Total:297.45 GB) (Free:38.15 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:298.33 GB) (Free:229.37 GB) NTFS
3 Drive e: (LOTRBFME2EP1) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
4 Drive f: (Rome_TW_CD1) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS
5 Drive g: (ROMETWBI) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
7 Drive i: (ROMEALX) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS
8 Drive j: (Elements) (Fixed) (Total:465.76 GB) (Free:147.39 GB) NTFS
========================= Users: ========================================
User accounts for \\SCOTTWHITETOP
Administrator Guest scott #1 
scottttt 
========================= Minidump Files ==================================
No minidump file found
========================= Restore Points ==================================
Could not list Restore Points.
**** End of log ****

then the results for dds
dds:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by scott #1 at 11:02:49 on 2012-09-25
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
mURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: CodecC Class: {3ec9fe54-c6bd-4c5a-b7f5-a50433c87c0f} - C:\ProgramData\CodecC\bhoclass.dll
BHO: CodecC Class: {56fd8d70-0aa2-443f-a549-a4651a8d0aa7} - C:\ProgramData\CodecC\bhoclass.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
BHO: FriendsChecker: {fed6a736-129b-49c7-857e-25fc91e87db3} - C:\Program Files (x86)\FriendsChecker\DynConIE\DynConIE.dll
TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\A41636B6723702E6564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\A61636B672372C0AE6564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2B694762-3605-45DB-8BAD-4DABEABF4970}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 : {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 - No File
BHO-X64: CodecC Class: {3EC9FE54-C6BD-4C5A-B7F5-A50433C87C0F} - C:\ProgramData\CodecC\bhoclass.dll
BHO-X64: CodecC - No File
BHO-X64: CodecC Class: {56FD8D70-0AA2-443F-A549-A4651A8D0AA7} - C:\ProgramData\CodecC\bhoclass.dll
BHO-X64: CodecC - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO-X64: ALOT Appbar Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO-X64: Softonic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Search-Results Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
BHO-X64: uTorrentControl - No File
BHO-X64: FriendsChecker: {FED6A736-129B-49C7-857E-25FC91E87DB3} - C:\Program Files (x86)\FriendsChecker\DynConIE\DynConIE.dll
BHO-X64: FriendsChecker - No File
TB-X64: Softonic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB-X64: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuToerror.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-09-18 17:27:37 -------- d-----w- C:\Windows\pss
2012-09-13 15:02:17 -------- d-----w- C:\Windows\System32\.exe
2012-09-12 16:34:42 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-09-12 16:17:39 303616 ----a-w- C:\SetACL.exe
2012-09-12 15:47:48 290304 ----a-w- C:\subinacl.exe
2012-09-12 15:44:52 -------- d-----w- C:\RegBackup
2012-09-12 14:50:45 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-12 14:50:38 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-09-09 17:11:14 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-09 11:43:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-09 11:43:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-09 11:33:22 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-09-09 11:27:53 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-09-09 11:10:50 -------- d-----w- C:\Users\scott #1\AppData\Roaming\Tunngle
2012-09-08 19:07:25 -------- d-----w- C:\Users\scott #1\AppData\Local\ApplicationHistory
2012-09-06 16:06:04 98816 ----a-w- C:\Windows\sed.exe
2012-09-06 16:06:04 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-06 16:06:04 256000 ----a-w- C:\Windows\PEV.exe
2012-09-06 16:06:04 208896 ----a-w- C:\Windows\MBR.exe
2012-09-06 14:44:28 -------- d-----w- C:\Users\scott #1\AppData\Local\{1B58B89C-5D8A-42B8-ABDD-AC371929CD32}
2012-09-02 16:27:43 -------- d-----w- C:\Users\scott #1\AppData\Local\{5FE78550-0F81-4D08-9446-835F4B0F8EDA}
2012-09-02 12:27:25 -------- d-----w- C:\Users\scott #1\New folder
2012-09-01 20:52:13 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-09-01 20:50:59 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-09-01 10:19:33 -------- d-----w- C:\Users\scott #1\AppData\Local\{978A6B2A-D445-48F1-AF04-AA6C53AA2D5D}
2012-08-26 19:27:34 -------- d-----w- C:\Users\scott #1\AppData\Local\{9B4BEB1C-6AB1-44E9-AA25-CF84EC0370E2}
.
==================== Find3M ====================
.
2012-09-01 20:50:59 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-26 15:33:50 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-26 15:33:50 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-17 17:44:58 328704 ----a-w- C:\Windows\System32\services.exe.F1C598EDD8F802F7
2012-08-16 06:40:46 328704 ----a-w- C:\Windows\System32\services.exe.9EEB48A02EB57BC2
2012-07-03 18:09:23 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-07-03 18:09:22 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-07-03 18:09:22 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
.
============= FINISH: 11:06:06.29 ===============

attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.6
Age of Empires III - The Asian Dynasties
Age of Mythology Gold Edition 1.00
AMD USB Filter Driver
AMD VISION Engine Control Center
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
BBC iPlayer Desktop
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Bing Bar Platform
blinkx beat
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders 3 - Revenge of the Yolk
Chuzzle Deluxe
CodecC
Coupon Printer for Windows
D3DX10
DC Universe Online Live
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Disney Pirates of the Caribbean Online
DivX Setup
Driver Robot
DriverUpdate
Fable III
FATE
Final Drive: Nitro
FriendsChecker
Funmoods on IE and Chrome
GameSpy Arcade
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High-Definition Video Playback
HP Deskjet 3050 J610 series Help
HP Photo Creations
HP Update
Insaniquarium Deluxe
iNTERNET Turbo
Junk Mail filter update
MagicDisc 2.7.106
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# .NET Redistributable Package 1.1
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NeroKwikMedia Help (CHM)
Penguins!
Pirates of the Caribbean
Plants vs. Zombies - Game of the Year
Pokemon Black & White PC [Hyperdrive25]
Polar Bowler
PoxNora 1.4.7.0
Reader Library by Sony
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Reader Driver
RealUpgrade 1.1
Search-Results Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.10
Slingo Deluxe
SPORE™
SPORE™ Creepy & Cute Parts Pack
SPORE™ Galactic Adventures
Spotify
Star wars Battlefront II version 1.3
StarCraft II
Steam
swMSM
The Battle for Middle-earth (tm) II
The Last Hope of the Third Age
The Lord of the Rings, The Rise of the Witch-king
The Lord of the Rings: War in the North
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Online Product Information
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TRORMCLauncher
Tweaking.com - Windows Repair (All in One)
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update Installer for WildTangent Games App
uTorrentControl Toolbar
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
Warcraft III
Wedding Dash 2 - Rings Around the World
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.01 (32-bit)
Zuma Deluxe
.
==== End Of File ===========================


----------



## Mark1956 (May 7, 2011)

There are further errors being shown in the MiniToolBox log: it failed to flush the DNS, and two crucial files are missing that relate to your internet connection not working. There is a further problem with a component that monitors your Anti Virus software.

Your game Lord of the Rings Rise of the Witch King is also causing some errors; please uninstall it.

First I would like you to run some clean up tools and see if that helps, followed by some more scans.

*STEP 1*
Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on *Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically. NOTE: there is no log to post from this.

*STEP 2*
Click on this link to download: ADWCleaner and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.
Close your browser and click on this icon on your desktop:









You will then see the screen below, click on the *Delete* button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

*STEP 3*
Please delete the RogueKiller icon from your desktop, download a fresh copy from the original link I gave with the instructions and transfer the latest version to the problem PC. Launch RogueKiller and after the pre-scan completes hit the scan button. When the scan is complete hit the Report button and post the log. Then hit the Fix Shortcuts button followed by the Report button and post that log also.

*STEP 4*

Please download *aswMBR.exe* and save it to your Desktop.

Double click on aswMBR.exe to run it. _*Vista*/*Windows 7* users right-click and select Run As Administrator_.
You will be asked if you wish to download the latest Avast Virus Definitions, please select *Yes*. You will have to skip this with no internet connection.
Click the *Scan* button to start scan.









On completion of the scan, click the *Save log* button and save it to your Desktop.
*Do not* select any Fix options at this time.
Copy and paste the contents of that log in your next reply.
*-- Important note*: Upon the first run, aswMBR will back up the MBR and save it to the Desktop as *MBR.dat*. Do not delete this file unless advised.

NOTE: Right-click on MBR.dat and select *Send To* and then *Compressed (zipped) file*. Attach that zipped file to your next reply as well.

Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on that and a new window opens.
Click on the *Browse* button, find the zip folder you made earlier and double-click on it.
Now click on the *Upload* button. Wait for the Upload to complete, it will appear just below the *Browse* box.
When done, click on the *Close this window* button at the bottom of the page.
Enter your message-text in the message box, then click on *Submit Message/Reply.*

*STEP 5*
Please download *SystemLook* from one of the links below and save it to your Desktop.

*Link 1: SystemLook (64-bit)*
Link 2: SystemLook (64-bit)

Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
nwprovau.dll
mswsock.dll
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## Mark1956 (May 7, 2011)

No response from you for a couple of days, are you still with us?


----------



## computernoob1 (Aug 16, 2012)

ye so sorry about all the delays been a stressful couple of days and there was a lot to do so i left it a day plus i kind of wanted to play the game 1 more time

so ran the TFC it worked alright

then i ran the ADWcleaner it worked here is the log


but when i downloaded the rogue killer it did not work its icon wasn't the normal one and when i tried to run it it said "roguekiller is not a valid win32 application"


----------



## Mark1956 (May 7, 2011)

I had the exact same thing happen with RogueKiller on my own PC. There must have been a problem with it; it now appears to be working again. Please delete the icon on your desktop and try the download again. You need to right click on the icon and select Run as Administrator to make it run.

After that please continue with the rest of the instructions.

When you run SystemLook in Step 5 please use this to paste into the search box, I've added another file in respect of the problem with Services not opening.


```
:filefind
nwprovau.dll
mswsock.dll
services.msc
```


----------



## Mark1956 (May 7, 2011)

I can see you have been on the site since my last post, please continue with all the instructions I have posted above and also try this to see if you can find and post the log that should have been saved when the System File Checker was run.


Open *Windows Explorer* and click on the *C:* drive in the left hand pane.
In the right pane double click on *Windows*. Then *Logs*, then *CBS*.
You should see a file *CBS* with the date of the scan and showing *Text document* under the *Type* column.
Right click on the file and select *Copy* and shut all windows. At the desktop right click in open space and select *Paste*.
*NOTE:* If you receive a *Denied Access* error then follow this guide to Add "Take ownership" to right click menu
When done right click on the *CBS* file and select *Take Ownership*, a window will flash on the screen for a split second. Now you should be able to copy it.
On the Desktop right click on the file and select *Send to* and then select *Compressed (zipped) folder.*
Come back here, below the message box click on *Go Advanced*.
Scroll down to *Additional Options* and click on *Manage Attachments.*
Click on the *Browse* button, in the next window click on *Desktop* in the left pane and in the right pane scroll down to find the zip file and click on it, then click on *Open*.
Back at the *Manage Attachments* window click on the *Upload* button next to the *Browse* button.
After a few seconds the upload will complete and it should look like this:








Next, click on *Close this window* in the top right hand corner.
Back on the web site page add any information required in the Message box and click on *Submit Reply*.


----------



## computernoob1 (Aug 16, 2012)

ok finally done everything sorry about the delayed post but here it is:
adwcleaner log:

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFC3989D-4522-4081-8B9C-4D3E5ABEB2FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2A83B9-84B5-4BE2-BB1E-2A058B456370}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9DF9360-97F8-4690-AFE6-996C80790DA4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E9DF9360-97F8-4690-AFE6-996C80790DA4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E9DF9360-97F8-4690-AFE6-996C80790DA4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E9DF9360-97F8-4690-AFE6-996C80790DA4}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E9DF9360-97F8-4690-AFE6-996C80790DA4}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Google Chrome v [Unable to get version]
File : C:\Users\scott #1\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.8] : homepage = "hxxp://start.funmoods.com/?f=1&a=bf4",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=bf4" ]
Deleted [l.1436] : homepage = "hxxp://start.funmoods.com/?f=1&a=bf4",
Deleted [l.1696] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=bf4" ]
File : C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\scottttt\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [16437 octets] - [27/09/2012 21:31:49]
########## EOF - C:\AdwCleaner[S1].txt - [16498 octets] ##########

then we have rogue killer logs:

scan log
RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : scott #1 [Admin rights]
Mode : Scan -- Date : 09/30/2012 21:42:21
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] b5809dd9b7363cbacf8a39c691158121
[BSP] 25aa688f1fa44ddf8277e6c522f05859 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 399 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 819200 | Size: 304589 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 624617472 | Size: 305491 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 86e86500f391fe82a7853ff8afcab95d
[BSP] c1cd6b56c8dc06e05e299708dc67314b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt

and fix shortcuts log
RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : scott #1 [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/30/2012 21:49:46
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 2 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 130 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 185 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[G:] \Device\CdRom2 -- 0x5 --> Skipped
[H:] \Device\CdRom4 -- 0x5 --> Skipped
[I:] \Device\CdRom3 -- 0x5 --> Skipped
[J:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[K:] \Device\CdRom6 -- 0x5 --> Skipped
[L:] \Device\CdRom8 -- 0x5 --> Skipped
[M:] \Device\CdRom7 -- 0x5 --> Skipped
[N:] \Device\CdRom5 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

next its aswmbr file should be attached

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-30 21:53:50
-----------------------------
21:53:50.713 OS Version: Windows x64 6.1.7601 Service Pack 1
21:53:50.713 Number of processors: 2 586 0x200
21:53:50.713 ComputerName: SCOTTWHITETOP UserName: scott #1
21:53:52.273 Initialize success
21:54:04.176 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:54:04.191 Disk 0 Vendor: TOSHIBA_MK6475GSX GT001M Size: 610480MB BusType: 11
21:54:04.207 Disk 0 MBR read successfully
21:54:04.207 Disk 0 MBR scan
21:54:04.207 Disk 0 Windows 7 default MBR code
21:54:04.222 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 399 MB offset 2048
21:54:04.238 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 304589 MB offset 819200
21:54:04.269 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 305491 MB offset 624617472
21:54:04.300 Disk 0 scanning C:\Windows\system32\drivers
21:54:10.712 Service scanning
21:54:30.992 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:54:39.946 Modules scanning
21:54:39.962 Disk 0 trace - called modules:
21:54:40.009 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80056f52c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
21:54:40.524 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005a1c640]
21:54:40.524 3 CLASSPNP.SYS[fffff88001b9a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005885680]
21:54:40.539 \Driver\atapi[0xfffffa80058688e0] -> IRP_MJ_CREATE -> 0xfffffa80056f52c0
21:54:40.555 Scan finished successfully
21:54:58.354 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
21:54:58.370 The log file has been saved successfully to "J:\aswMBR.txt"

finally system look log:
SystemLook 30.07.11 by jpshortstuff
Log created at 22:00 on 30/09/2012 by scott #1
Administrator - Elevation successful
========== filefind ==========
Searching for "nwprovau.dll"
No files found.
Searching for "mswsock.dll"
C:\Windows\erdnt\cache64\mswsock.dll --a---- 326144 bytes [12:11 09/09/2012] [03:24 21/11/2010] 1D5185A4C7E6695431AE4B55C3D7D333
C:\Windows\erdnt\cache86\mswsock.dll --a---- 232448 bytes [12:11 09/09/2012] [03:24 21/11/2010] 8999B8631C7FD9F7F9EC3CAFD953BA24
C:\Windows\System32\mswsock.dll --a---- 326144 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1D5185A4C7E6695431AE4B55C3D7D333
C:\Windows\SysWOW64\mswsock.dll --a---- 232448 bytes [03:24 21/11/2010] [03:24 21/11/2010] 8999B8631C7FD9F7F9EC3CAFD953BA24
C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll --a---- 326144 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1D5185A4C7E6695431AE4B55C3D7D333
C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll --a---- 232448 bytes [03:24 21/11/2010] [03:24 21/11/2010] 8999B8631C7FD9F7F9EC3CAFD953BA24
Searching for "services.msc"
C:\Windows\System32\services.msc --a---- 92745 bytes [21:34 13/07/2009] [20:38 10/06/2009] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\System32\en-US\services.msc --a---- 92745 bytes [07:06 21/11/2010] [07:06 21/11/2010] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\SysWOW64\services.msc --a---- 92745 bytes [21:44 13/07/2009] [21:21 10/06/2009] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\SysWOW64\en-US\services.msc --a---- 92745 bytes [07:06 21/11/2010] [07:06 21/11/2010] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc --a---- 92745 bytes [07:06 21/11/2010] [07:06 21/11/2010] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc --a---- 92745 bytes [21:34 13/07/2009] [20:38 10/06/2009] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc --a---- 92745 bytes [07:06 21/11/2010] [07:06 21/11/2010] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc --a---- 92745 bytes [21:44 13/07/2009] [21:21 10/06/2009] 7A1D35F59468B8118AF5B8E21DF78AE2
-= EOF =-

and the cbs worked and should also be attached


----------



## Mark1956 (May 7, 2011)

I don't see any other solutions coming to light from all those scans, although ADWCleaner did remove a lot of junk from the system. I am now more convinced that your system has been so badly damaged by the Rootkit infection that it is only going to be fixed by a reinstall.

Just one more scan we can try to see if there is anything that may have been missed and while I wait for your reply I will post a request to other Malware Experts to see if they can suggest something that I might not have thought of.

You will need a flash drive to do this, also known as a memory stick, thumb drive, etc.

If you cannot get Option 1 to work you can make a Recovery disc to use in place of an Installation disc for Option 2.

Go to Control Panel and select Backup and Restore. In the left hand pane select Create a System Recovery disc and follow the prompts.

Use these links to download the correct version for your operating system.
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter *System Recovery Options* by using *Option 1* or *Option 2*

*Option 1* 
*To enter System Recovery Options from the Advanced Boot Options:*


Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*Option 2* 
*To enter System Recovery Options by using Windows installation disc:*


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

NOTE: If you are unable to complete either *Option 1* or *2* then *stop* and let me know. This tool will only run correctly if you are able to get to the *System Recovery Options* menu.

*On the System Recovery Options menu you will get the following options:*

*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*


Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under *File* menu select *Open*.
Select *Computer* and find your flash drive letter and close *notepad*.
In the command window type *e:\frst.exe* (for x64 bit version type *e:\frst64*) and press *Enter* 
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


----------



## Mark1956 (May 7, 2011)

I've just been receiving some suggestions from other Malware helpers. Apparently Combofix has had a recent update that helps it fix lost internet connections.

I'd still like you to run the above tool but please also delete the Combofix icon on your desktop and follow one of these links to download a fresh copy and save it to the desktop:

Download Mirror #1
Download Mirror #2

Once done, disable your Anti Virus and double click the icon to run a scan, then post the new log. Reboot after it has finished and then see if your internet is working or not.


----------



## computernoob1 (Aug 16, 2012)

do i turn my computer off after the first scan?


----------



## Mark1956 (May 7, 2011)

After running FRST you will have to reboot in order to get the log from the flash drive and post it; you can then continue with running Combofix.


----------



## computernoob1 (Aug 16, 2012)

ye that's me finished still no internet

here's the first log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01
Ran by SYSTEM at 01-10-2012 18:31:37
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) 
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKU\dad\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\dad\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-02] (Google Inc.)
HKU\dad\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [717696 2010-01-16] (Microsoft Corporation)
HKU\dad\...\Policies\system: [LogonHoursAction] 2
HKU\dad\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\scott #1\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\scott #1\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-02] (Google Inc.)
HKU\scott #1\...\Policies\system: [LogonHoursAction] 2
HKU\scott #1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\scottttt\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\scottttt\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-02] (Google Inc.)
HKU\scottttt\...\Policies\system: [LogonHoursAction] 2
HKU\scottttt\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\dad\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Services (Whitelisted) ===================
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
4 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [112080 2011-02-09] (Toshiba Europe GmbH)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
==================== Drivers (Whitelisted) =====================
0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-01-14] (Duplex Secure Ltd.)
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2012-10-01 09:20 - 2012-10-01 09:20 - 00000720 ____A C:\Users\scott #1\Desktop\ComboFix - Shortcut (2).lnk
2012-10-01 09:20 - 2012-10-01 09:18 - 04759381 ____A (Swearware) C:\Users\scott #1\Desktop\ComboFix.exe
2012-09-30 13:07 - 2012-09-30 13:07 - 00443411 ____A C:\Users\scott #1\Desktop\CBS.zip
2012-09-30 13:06 - 2012-09-28 14:14 - 05628130 ____A C:\Users\scott #1\Desktop\CBS.log
2012-09-30 13:00 - 2012-09-30 13:03 - 00005254 ____A C:\Users\scott #1\Desktop\SystemLook.txt
2012-09-30 12:49 - 2012-09-30 12:50 - 00001556 ____A C:\Users\scott #1\Desktop\RKreport[2].txt
2012-09-30 12:42 - 2012-09-30 12:42 - 00001484 ____A C:\Users\scott #1\Desktop\RKreport[1].txt
2012-09-30 12:41 - 2012-09-30 12:42 - 00000000 ____D C:\Users\scott #1\Desktop\RK_Quarantine
2012-09-27 12:38 - 2012-09-30 12:41 - 01412096 ____A C:\Users\scott #1\Desktop\RogueKiller.exe
2012-09-27 12:31 - 2012-09-27 12:32 - 00016516 ____A C:\AdwCleaner[S1].txt
2012-09-27 12:07 - 2012-09-27 12:03 - 00165376 ____A C:\Users\scott #1\Desktop\SystemLook_x64.exe
2012-09-27 12:07 - 2012-09-27 12:02 - 04731392 ____A (AVAST Software) C:\Users\scott #1\Desktop\aswMBR.exe
2012-09-27 12:07 - 2012-09-27 12:02 - 00513501 ____A C:\Users\scott #1\Desktop\adwcleaner.exe
2012-09-27 12:07 - 2012-09-27 12:02 - 00448512 ____A (OldTimer Tools) C:\Users\scott #1\Desktop\TFC.exe
2012-09-25 02:02 - 2012-09-25 02:02 - 00032609 ____A C:\Users\scott #1\Desktop\Result.txt
2012-09-25 02:01 - 2012-09-25 02:00 - 00751391 ____A (Farbar) C:\Users\scott #1\Desktop\MiniToolBox.exe
2012-09-22 09:08 - 2012-09-22 09:10 - 00096776 ____A C:\users\scott
2012-09-18 09:27 - 2012-09-18 09:27 - 00000000 ____D C:\Windows\pss
2012-09-14 07:04 - 2012-09-14 06:37 - 00006366 ____A C:\Users\scott #1\Desktop\FIX-BITS.reg
2012-09-13 07:02 - 2012-09-13 07:02 - 00000000 ____D C:\Windows\System32\.exe
2012-09-12 08:42 - 2012-09-12 08:42 - 00000216 ____A C:\Windows\Tasks\SidebarExecute.job
2012-09-12 08:17 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-09-12 07:47 - 2012-09-12 08:50 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-09-12 07:47 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-09-12 07:46 - 2012-09-12 07:46 - 00000207 ____A C:\Windows\tweaking.com-regbackup-SCOTTWHITETOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2012-09-12 07:44 - 2012-09-12 07:44 - 00000000 ____D C:\RegBackup
2012-09-12 06:50 - 2012-09-12 06:50 - 00002294 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-09-12 06:50 - 2012-09-12 06:50 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2012-09-12 06:49 - 2012-09-12 06:42 - 05313275 ____A C:\Users\scott #1\Desktop\tweaking.com_windows_repair_aio_setup.exe
2012-09-09 09:49 - 2012-09-09 09:47 - 00018730 ____A C:\Users\scott #1\Desktop\SharedAccess.zip
2012-09-09 09:49 - 2012-09-09 07:39 - 00362882 ____A C:\Users\scott #1\Desktop\SharedAccess.reg
2012-09-09 09:06 - 2012-09-09 09:06 - 00026741 ____A C:\Users\scott #1\Desktop\ComboFix (2).txt
2012-09-09 06:17 - 2012-09-22 08:08 - 00002485 ____A C:\Users\scott #1\Desktop\FSS.txt
2012-09-09 06:17 - 2012-09-09 06:19 - 00693235 ____A (Farbar) C:\Users\scott #1\Desktop\FSS.exe
2012-09-09 04:09 - 2012-09-09 04:12 - 00021508 ____A C:\Users\scott #1\Desktop\ComboFix.txt
2012-09-09 03:43 - 2012-09-09 03:43 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-09 03:43 - 2012-09-09 03:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-09 03:43 - 2012-09-09 03:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-09 03:42 - 2012-09-09 03:26 - 12621696 ____A (Microsoft Corporation) C:\Users\scott #1\Desktop\mseinstall.exe
2012-09-09 03:27 - 2012-09-09 03:28 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2012-09-09 03:21 - 2012-09-09 03:22 - 03178400 ____A (McAfee, Inc.) C:\Users\scott #1\Desktop\MCPR.exe
2012-09-09 03:10 - 2012-09-09 03:10 - 00000000 ____D C:\Users\scott #1\Documents\Tunngle
2012-09-09 03:10 - 2012-09-09 03:10 - 00000000 ____D C:\Users\scott #1\AppData\Roaming\Tunngle
2012-09-08 09:54 - 2012-09-08 09:55 - 00607260 ____R (Swearware) C:\Users\scott #1\Desktop\dds.scr
2012-09-07 13:50 - 2012-09-07 13:50 - 00000000 ____D C:\Users\scottttt\AppData\Roaming\Real
2012-09-07 07:07 - 2012-09-17 22:43 - 00000372 ____A C:\TMachInfo.log
2012-09-06 09:00 - 2012-08-12 01:43 - 00001149 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-09-06 09:00 - 2012-07-30 11:49 - 00001179 ____A C:\Users\Public\Desktop\Driver Robot.lnk
2012-09-06 09:00 - 2012-07-30 11:41 - 00002469 ____A C:\Users\Public\Desktop\DriverUpdate.lnk
2012-09-06 09:00 - 2012-07-05 04:30 - 00001757 ____A C:\Users\Public\Desktop\Browser Choice.lnk
2012-09-06 09:00 - 2012-06-16 10:40 - 00002585 ____A C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2012-09-06 09:00 - 2012-02-06 13:59 - 00002266 ____A C:\Users\Public\Desktop\Reader Library.lnk
2012-09-06 08:06 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-06 08:06 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-06 08:06 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-06 08:06 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-06 08:06 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-06 08:06 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-06 08:06 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-06 08:06 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-06 08:03 - 2012-09-06 08:03 - 00013389 ____A C:\Users\scott #1\Desktop\ComboFix - Shortcut.lnk
2012-09-06 06:44 - 2012-09-06 06:44 - 00000000 ____D C:\Users\scott #1\AppData\Local\{1B58B89C-5D8A-42B8-ABDD-AC371929CD32}
2012-09-04 13:11 - 2012-09-04 13:13 - 00000000 ____D C:\Users\scott #1\Downloads\The.Walking.Dead.S02
2012-09-03 08:39 - 2012-09-18 08:54 - 00000000 ____D C:\Users\scott #1\Downloads\Weeds
2012-09-03 08:31 - 2012-09-03 08:36 - 00000000 ____D C:\Users\scott #1\Downloads\Season 1
2012-09-03 08:30 - 2012-09-03 08:54 - 00000000 ____D C:\Users\scott #1\Downloads\The Walking Dead - The Complete Season 1 [HDTV]
2012-09-02 08:27 - 2012-09-02 08:27 - 00000000 ____D C:\Users\scott #1\AppData\Local\{5FE78550-0F81-4D08-9446-835F4B0F8EDA}
2012-09-02 04:27 - 2012-09-02 04:27 - 00000000 ____D C:\Users\scott #1\New folder
2012-09-02 03:40 - 2012-09-02 03:40 - 00000136 ____A C:\Users\scott #1\Desktop\Diablo II Expansion Set Lord of Destruction ™ - Shortcut.lnk
2012-09-01 13:31 - 2012-09-01 13:32 - 00000000 ____D C:\Users\scott #1\Documents\My Spore Creations
2012-09-01 12:53 - 2012-09-01 13:14 - 511506097 ____A C:\Users\scott #1\Downloads\True.Blood.S05E11.HDTV.x264-EVOLVE.mp4
2012-09-01 12:52 - 2012-09-01 12:52 - 00001271 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-09-01 12:51 - 2012-09-01 13:04 - 549392510 ____A C:\Users\scott #1\Downloads\True.Blood.S05E12.HDTV.x264-EVOLVE.mp4
2012-09-01 12:51 - 2012-09-01 12:51 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-09-01 12:51 - 2012-09-01 12:51 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-09-01 12:51 - 2012-09-01 12:51 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-09-01 12:51 - 2012-09-01 12:51 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-09-01 12:50 - 2012-09-01 12:53 - 00000000 ____D C:\Users\scott #1\AppData\Roaming\Real
2012-09-01 12:50 - 2012-09-01 12:52 - 00000000 ____D C:\Program Files (x86)\Real
2012-09-01 12:50 - 2012-09-01 12:50 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-09-01 12:49 - 2012-09-01 12:54 - 00000000 ____D C:\Users\All Users\Real
2012-09-01 10:35 - 2012-09-01 10:35 - 00050477 ____A C:\Users\scott #1\Desktop\Defogger.exe
2012-09-01 10:34 - 2012-09-01 10:34 - 00000000 ____A C:\Users\scott #1\defogger_reenable
2012-09-01 10:05 - 2012-09-01 10:05 - 05273988 ____A C:\Users\scott #1\Downloads\HS_Releaseversion_3.1.rar
2012-09-01 10:05 - 2012-09-01 10:05 - 00000000 ____D C:\Users\scott #1\Desktop\nbvvvvcccv
2012-09-01 02:29 - 2012-09-01 02:29 - 00002026 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-09-01 02:19 - 2012-09-01 02:20 - 00000000 ____D C:\Users\scott #1\AppData\Local\{978A6B2A-D445-48F1-AF04-AA6C53AA2D5D}

==================== 3 Months Modified Files ==================
2012-10-01 09:24 - 2011-09-21 11:56 - 02019662 ____A C:\Windows\WindowsUpdate.log
2012-10-01 09:21 - 2009-07-13 20:45 - 00025120 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-01 09:21 - 2009-07-13 20:45 - 00025120 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-01 09:20 - 2012-10-01 09:20 - 00000720 ____A C:\Users\scott #1\Desktop\ComboFix - Shortcut (2).lnk
2012-10-01 09:18 - 2012-10-01 09:20 - 04759381 ____A (Swearware) C:\Users\scott #1\Desktop\ComboFix.exe
2012-09-30 13:07 - 2012-09-30 13:07 - 00443411 ____A C:\Users\scott #1\Desktop\CBS.zip
2012-09-30 13:03 - 2012-09-30 13:00 - 00005254 ____A C:\Users\scott #1\Desktop\SystemLook.txt
2012-09-30 12:50 - 2012-09-30 12:49 - 00001556 ____A C:\Users\scott #1\Desktop\RKreport[2].txt
2012-09-30 12:42 - 2012-09-30 12:42 - 00001484 ____A C:\Users\scott #1\Desktop\RKreport[1].txt
2012-09-30 12:41 - 2012-09-27 12:38 - 01412096 ____A C:\Users\scott #1\Desktop\RogueKiller.exe
2012-09-30 12:36 - 2009-07-13 21:08 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-30 12:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-30 12:36 - 2009-07-13 20:51 - 00098319 ____A C:\Windows\setupact.log
2012-09-28 14:14 - 2012-09-30 13:06 - 05628130 ____A C:\Users\scott #1\Desktop\CBS.log
2012-09-27 12:33 - 2010-11-20 19:47 - 00493876 ____A C:\Windows\PFRO.log
2012-09-27 12:32 - 2012-09-27 12:31 - 00016516 ____A C:\AdwCleaner[S1].txt
2012-09-27 12:03 - 2012-09-27 12:07 - 00165376 ____A C:\Users\scott #1\Desktop\SystemLook_x64.exe
2012-09-27 12:02 - 2012-09-27 12:07 - 04731392 ____A (AVAST Software) C:\Users\scott #1\Desktop\aswMBR.exe
2012-09-27 12:02 - 2012-09-27 12:07 - 00513501 ____A C:\Users\scott #1\Desktop\adwcleaner.exe
2012-09-27 12:02 - 2012-09-27 12:07 - 00448512 ____A (OldTimer Tools) C:\Users\scott #1\Desktop\TFC.exe
2012-09-25 02:02 - 2012-09-25 02:02 - 00032609 ____A C:\Users\scott #1\Desktop\Result.txt
2012-09-25 02:00 - 2012-09-25 02:01 - 00751391 ____A (Farbar) C:\Users\scott #1\Desktop\MiniToolBox.exe
2012-09-22 09:10 - 2012-09-22 09:08 - 00096776 ____A C:\users\scott
2012-09-22 08:08 - 2012-09-09 06:17 - 00002485 ____A C:\Users\scott #1\Desktop\FSS.txt
2012-09-17 22:43 - 2012-09-07 07:07 - 00000372 ____A C:\TMachInfo.log
2012-09-14 06:37 - 2012-09-14 07:04 - 00006366 ____A C:\Users\scott #1\Desktop\FIX-BITS.reg
2012-09-12 08:59 - 2012-01-29 10:27 - 00110184 ____A C:\Users\scott #1\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-12 08:52 - 2009-07-13 20:45 - 00417440 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-12 08:50 - 2012-09-12 07:47 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-09-12 08:42 - 2012-09-12 08:42 - 00000216 ____A C:\Windows\Tasks\SidebarExecute.job
2012-09-12 08:40 - 2009-07-13 21:13 - 00744378 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-12 07:46 - 2012-09-12 07:46 - 00000207 ____A C:\Windows\tweaking.com-regbackup-SCOTTWHITETOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2012-09-12 06:50 - 2012-09-12 06:50 - 00002294 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-09-12 06:42 - 2012-09-12 06:49 - 05313275 ____A C:\Users\scott #1\Desktop\tweaking.com_windows_repair_aio_setup.exe
2012-09-09 09:47 - 2012-09-09 09:49 - 00018730 ____A C:\Users\scott #1\Desktop\SharedAccess.zip
2012-09-09 09:06 - 2012-09-09 09:06 - 00026741 ____A C:\Users\scott #1\Desktop\ComboFix (2).txt
2012-09-09 08:57 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-09 08:57 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts_bak_179
2012-09-09 07:39 - 2012-09-09 09:49 - 00362882 ____A C:\Users\scott #1\Desktop\SharedAccess.reg
2012-09-09 06:19 - 2012-09-09 06:17 - 00693235 ____A (Farbar) C:\Users\scott #1\Desktop\FSS.exe
2012-09-09 05:36 - 2012-07-12 06:58 - 00110184 ____A C:\Users\scottttt\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-09 04:12 - 2012-09-09 04:09 - 00021508 ____A C:\Users\scott #1\Desktop\ComboFix.txt
2012-09-09 03:43 - 2012-09-09 03:43 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-09 03:43 - 2011-12-11 13:15 - 00750224 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-09 03:26 - 2012-09-09 03:42 - 12621696 ____A (Microsoft Corporation) C:\Users\scott #1\Desktop\mseinstall.exe
2012-09-09 03:22 - 2012-09-09 03:21 - 03178400 ____A (McAfee, Inc.) C:\Users\scott #1\Desktop\MCPR.exe
2012-09-08 09:55 - 2012-09-08 09:54 - 00607260 ____R (Swearware) C:\Users\scott #1\Desktop\dds.scr
2012-09-06 22:41 - 2011-08-02 19:56 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-06 22:39 - 2012-04-07 11:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-06 13:45 - 2012-07-12 06:41 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd603c7bcd7c55.job
2012-09-06 08:04 - 2012-08-27 08:08 - 04745358 ____R (Swearware) C:\Users\scott #1\Downloads\ComboFix.exe
2012-09-06 08:03 - 2012-09-06 08:03 - 00013389 ____A C:\Users\scott #1\Desktop\ComboFix - Shortcut.lnk
2012-09-06 06:42 - 2012-07-30 11:41 - 00000426 ____A C:\Windows\Tasks\DriverUpdate Startup.job
2012-09-02 03:40 - 2012-09-02 03:40 - 00000136 ____A C:\Users\scott #1\Desktop\Diablo II Expansion Set Lord of Destruction ™ - Shortcut.lnk
2012-09-02 01:44 - 2012-07-30 11:49 - 00000352 ____A C:\Windows\Tasks\Driver Robot.job
2012-09-01 13:14 - 2012-09-01 12:53 - 511506097 ____A C:\Users\scott #1\Downloads\True.Blood.S05E11.HDTV.x264-EVOLVE.mp4
2012-09-01 13:04 - 2012-09-01 12:51 - 549392510 ____A C:\Users\scott #1\Downloads\True.Blood.S05E12.HDTV.x264-EVOLVE.mp4
2012-09-01 12:52 - 2012-09-01 12:52 - 00001271 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-09-01 12:51 - 2012-09-01 12:51 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-09-01 12:51 - 2012-09-01 12:51 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-09-01 12:51 - 2012-09-01 12:51 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-09-01 12:51 - 2012-09-01 12:51 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-09-01 12:50 - 2012-09-01 12:50 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-09-01 12:50 - 2003-02-20 20:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-09-01 10:35 - 2012-09-01 10:35 - 00050477 ____A C:\Users\scott #1\Desktop\Defogger.exe
2012-09-01 10:34 - 2012-09-01 10:34 - 00000000 ____A C:\Users\scott #1\defogger_reenable
2012-09-01 10:05 - 2012-09-01 10:05 - 05273988 ____A C:\Users\scott #1\Downloads\HS_Releaseversion_3.1.rar
2012-09-01 02:29 - 2012-09-01 02:29 - 00002026 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-27 09:04 - 2012-07-26 13:00 - 00001280 ____A C:\Users\scott #1\Desktop\Edain Mod Switcher.lnk
2012-08-26 09:07 - 2012-08-26 09:07 - 00000160 ____A C:\Users\All Users\-P5p3M8Qj8NUsIkr
2012-08-26 09:07 - 2012-08-26 09:07 - 00000144 ____A C:\Users\All Users\-P5p3M8Qj8NUsIk
2012-08-26 07:33 - 2012-04-07 11:46 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-26 07:33 - 2011-12-19 13:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-17 13:49 - 2012-08-17 13:49 - 00007597 ____A C:\Users\scott #1\AppData\Local\Resmon.ResmonCfg
2012-08-17 09:44 - 2012-08-17 09:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F1C598EDD8F802F7
2012-08-15 22:40 - 2012-08-15 22:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EEB48A02EB57BC2
2012-08-14 11:50 - 2012-08-15 06:49 - 74791480 ____A (Microsoft Corporation) C:\Users\scott #1\Desktop\msert.exe
2012-08-13 10:31 - 2012-02-19 11:00 - 00000418 ____A C:\Windows\SysWOW64\AppLog.log
2012-08-13 08:32 - 2012-07-12 06:38 - 00000072 ____A C:\Users\All Users\-IBpUTQ0ufCs3UR
2012-08-13 08:31 - 2012-07-12 06:37 - 00000592 ____A C:\Users\All Users\IBpUTQ0ufCs3UR
2012-08-13 05:28 - 2012-07-31 07:49 - 00122467 ____A C:\Users\scott #1\AppData\Roaming\userenv.xml
2012-08-12 01:43 - 2012-09-06 09:00 - 00001149 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-08-09 08:40 - 2012-08-09 08:31 - 573405586 ____A C:\Users\scott #1\Downloads\True.Blood.S05E09.HDTV.x264-EVOLVE.mp4
2012-07-31 14:19 - 2012-07-31 14:19 - 00001079 ____A C:\Users\scottttt\Desktop\Music - Shortcut.lnk
2012-07-31 07:49 - 2012-07-31 07:49 - 00161401 ____A C:\Users\scott #1\AppData\Roaming\userenv.xml.urlencode
2012-07-30 16:51 - 2011-09-21 12:22 - 00013706 ____A C:\Windows\DPINST.LOG
2012-07-30 16:47 - 2012-07-30 16:47 - 00001769 ____A C:\Windows\Language_trs.ini
2012-07-30 12:20 - 2012-07-30 12:12 - 442039719 ____A C:\Users\scott #1\Downloads\True.Blood.S05E05.HDTV.x264-ASAP.mp4
2012-07-30 12:15 - 2012-07-30 10:27 - 510368460 ____A C:\Users\scott #1\Downloads\True.Blood.S05E06.HDTV.x264-EVOLVE.mp4
2012-07-30 12:11 - 2012-07-30 09:56 - 459867661 ____A C:\Users\scott #1\Downloads\True.Blood.S05E08.HDTV.x264-COMPULSiON.mp4
2012-07-30 11:58 - 2012-07-30 10:01 - 504403143 ____A C:\Users\scott #1\Downloads\True.Blood.S05E07.HDTV.x264-EVOLVE.mp4
2012-07-30 11:56 - 2012-07-30 09:46 - 494399192 ____A C:\Users\scott #1\Downloads\True.Blood.S05E03.HDTV.x264-ASAP.mp4
2012-07-30 11:49 - 2012-09-06 09:00 - 00001179 ____A C:\Users\Public\Desktop\Driver Robot.lnk
2012-07-30 11:41 - 2012-09-06 09:00 - 00002469 ____A C:\Users\Public\Desktop\DriverUpdate.lnk
2012-07-30 09:48 - 2012-07-30 09:48 - 533378739 ____A C:\Users\scott #1\Downloads\True.Blood.S05E04.HDTV.x264-ASAP.mp4
2012-07-30 09:48 - 2012-07-30 09:48 - 444929495 ____A C:\Users\scott #1\Downloads\True.Blood.S05E02.HDTV.x264-ASAP.mp4
2012-07-26 13:09 - 2012-07-26 13:02 - 843633166 ____A C:\Users\scott #1\Downloads\Edain_Mod_v3.8.1.exe
2012-07-17 00:59 - 2012-07-12 06:56 - 00000632 __RAS C:\Users\scottttt\ntuser.pol
2012-07-13 08:42 - 2012-05-07 04:06 - 00000632 __RAS C:\Users\scott #1\ntuser.pol
2012-07-12 06:56 - 2012-07-12 06:56 - 00000020 ___SH C:\Users\scottttt\ntuser.ini
2012-07-12 06:39 - 2012-07-12 06:38 - 00000072 ____A C:\Users\All Users\-IBpUTQ0ufCs3URr
2012-07-12 01:38 - 2011-08-02 20:36 - 00286580 ____A C:\Windows\DirectX.log
2012-07-11 23:50 - 2012-02-01 10:27 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-07-11 18:03 - 2011-12-22 17:08 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-08 08:06 - 2012-07-08 08:06 - 00001315 ____A C:\Users\scott #1\Desktop\My application.lnk
2012-07-05 13:55 - 2012-07-05 13:49 - 819454440 ____A C:\Users\scott #1\Downloads\Edain_Mod_v3.7.5.zip
2012-07-05 04:30 - 2012-09-06 09:00 - 00001757 ____A C:\Users\Public\Desktop\Browser Choice.lnk

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-12 07:44:42
Restore point made on: 2012-09-12 07:45:48
==================== Memory info =========================== 
Percentage of memory in use: 12%
Total physical RAM: 5734.87 MB
Available physical RAM: 5032.92 MB
Total Pagefile: 5733.07 MB
Available Pagefile: 5032.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (WINDOWS) (Fixed) (Total:297.45 GB) (Free:49.05 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:298.33 GB) (Free:229.37 GB) NTFS
3 Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.2 GB) (Free:0 GB) UDF
5 Drive g: (Elements) (Fixed) (Total:465.76 GB) (Free:153.42 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B 
Disk 1 Online 465 GB 0 B 
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 399 MB 1024 KB
Partition 2 Primary 297 GB 400 MB
Partition 3 Primary 298 GB 297 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E SYSTEM NTFS Partition 399 MB Healthy Hidden 
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C WINDOWS NTFS Partition 297 GB Healthy 
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 298 GB Healthy 
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Elements NTFS Partition 465 GB Healthy 
=========================================================
Last Boot: 2012-09-06 07:49
==================== End Of Log =============================

And then the ComboFix log:
ComboFix 12-09-30.03 - scott #1 01/10/2012 18:42:12.4.2 - x64
Running from: c:\users\scott #1\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\CodecC\bhoclass.dll
J:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-10-02 02:31 . 2012-10-02 02:31 -------- d-----w- C:\FRST
2012-10-01 17:54 . 2012-10-01 17:54 -------- d-----w- c:\users\scottttt\AppData\Local\temp
2012-10-01 17:54 . 2012-10-01 17:54 -------- d-----w- c:\users\scott white\AppData\Local\temp
2012-10-01 17:54 . 2012-10-01 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-01 17:54 . 2012-10-01 17:54 -------- d-----w- c:\users\dad\AppData\Local\temp
2012-09-13 15:02 . 2012-09-13 15:02 -------- d-----w- c:\windows\system32\.exe
2012-09-12 16:34 . 2012-09-12 16:35 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-09-12 16:17 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-09-12 15:47 . 2012-09-12 16:50 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-12 15:47 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-09-12 15:44 . 2012-09-12 15:44 -------- d-----w- C:\RegBackup
2012-09-12 14:50 . 2012-09-12 16:43 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-12 14:50 . 2012-09-12 14:50 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-09-09 11:43 . 2012-09-09 11:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-09 11:43 . 2012-09-09 11:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-09 11:33 . 2012-09-09 11:33 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-09-09 11:27 . 2012-09-09 11:28 -------- d-----w- c:\program files (x86)\CheckPoint
2012-09-09 11:10 . 2012-09-09 11:10 -------- d-----w- c:\users\scott #1\AppData\Roaming\Tunngle
2012-09-08 19:07 . 2012-09-08 19:07 -------- d-----w- c:\users\scott #1\AppData\Local\ApplicationHistory
2012-09-02 12:27 . 2012-09-02 12:27 -------- d-----w- c:\users\scott #1\New folder
2012-09-01 20:52 . 2012-09-01 20:52 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-09-01 20:50 . 2012-09-01 20:50 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-09-01 20:50 . 2012-09-01 20:52 -------- d-----w- c:\program files (x86)\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 20:50 . 2003-02-21 04:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-26 15:33 . 2012-04-07 19:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 15:33 . 2011-12-19 21:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-17 17:44 . 2012-08-17 17:44 328704 ----a-w- c:\windows\system32\services.exe.F1C598EDD8F802F7
2012-08-16 06:40 . 2012-08-16 06:40 328704 ----a-w- c:\windows\system32\services.exe.9EEB48A02EB57BC2
2012-07-12 02:03 . 2011-12-23 01:08 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 18:09 . 2012-06-10 14:48 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-07-03 18:09 . 2012-06-10 14:48 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-07-03 18:09 . 2012-06-10 14:48 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3EC9FE54-C6BD-4C5A-B7F5-A50433C87C0F}]
c:\programdata\CodecC\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{56FD8D70-0AA2-443F-A549-A4651A8D0AA7}]
c:\programdata\CodecC\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 39408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-12 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250056]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-28 204288]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-28 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-28 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-06-15 12800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:35]
.
2012-09-02 c:\windows\Tasks\Driver Robot.job
- c:\program files (x86)\Driver Robot\Driver Robot.lnk [2012-07-30 19:49]
.
2012-09-06 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2012-07-02 14:12]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd603c7bcd7c55.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56]
.
2012-09-12 c:\windows\Tasks\SidebarExecute.job
- c:\program files (x86)\Windows Sidebar\sidebar.exe [2010-11-21 03:25]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-794785944-1427257573-3050441696-1004\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:32,fa,45,99,b2,5f,36,9c,4f,67,cc,c3,03,6a,b6,9f,a6,b7,e8,02,ba,
77,cd,e8,7c,13,30,46,1d,59,a5,aa,d6,dd,16,9e,27,42,98,64,8c,2f,e7,9a,92,7f,\
"rkeysecu"=hex:c5,c2,ec,be,43,f5,91,58,1f,aa,d6,96,7d,84,a8,41
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2012-10-01 19:06:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-01 18:06
.
Pre-Run: 52,610,969,600 bytes free
Post-Run: 52,547,321,856 bytes free
.
- - End Of File - - B4E561E19FDC700627238B8531FB105E


----------



## Mark1956 (May 7, 2011)

Well that was worth a try, I still have a few ideas left but not many, although some further suggestions may come from my colleagues. If you can get your hands on a copy of Windows 7 all the problems can be quickly solved, you might even get away with a Repair Install which will save all your data and installed software.

I'd like you to try a couple of very basic routines.

Open the Device Manager from the Control Panel.
NOTE: If you see any yellow warning symbols, STOP and post back telling me what item they are next to.
Look down the list for Network Adapters, click on the small symbol next to it to open the list.
You should see: Atheros AR9002WB-1NG Wireless Network Adapter
Right click on it and select Uninstall and then reboot the system.
On reboot you should see a pop up in the bottom right corner of the screen saying it is installing drivers.
When complete see if the internet is obtainable.

Another thing to try is to use a cable connection direct to your router and see if that brings any joy.


----------



## computernoob1 (Aug 16, 2012)

OK, I think I can get a copy of Windows 7, but it will take a couple of days. I tried the thing from the post above, and Device Manager says "class not registered", like the services.


----------



## Mark1956 (May 7, 2011)

I take it you got that error when you tried to open Device Manager or when you tried to view the Network Adapters?


EDIT: I should add if you manage to get a copy of Windows 7 it must match your version for your licence key to work so it needs to be Home Premium. We can integrate Service Pack 1 but if it is included so much the better.


----------



## Mark1956 (May 7, 2011)

One more small thing I don't think we have tried, boot the PC into *Safe Mode with Networking* and see if the internet connects.

And, I should have added, the version of Windows you borrow needs to be 64-bit in order to try a Repair Install. Either 32-bit or 64-bit should work with your licence key, but if you get 32-bit it can only be used for a clean install, which will wipe everything else off the drive.


----------



## Mark1956 (May 7, 2011)

Have you got that Windows 7 disc yet?


----------



## Mark1956 (May 7, 2011)

Due to the lack of response I am marking this thread as solved.

You can still post back if you need any further assistance.


----------

