Popup adds in lower left corner of IE, Chrome, and Firefox


14 replies to this topic

#1 bwww

bwww

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 23 February 2013 - 07:04 PM


In IE, Chrome, and Firefox I get pop up ads, always in bottom left corner of the browser. If I view source or inspect element I see that in IE they normally related to "ad.xtendmedia.com", in Chrome it is "content.yieldmanager.edgesuite.net", and in Firefox it is "cdn.fhserve.com"

Occasionally the browsers will redirect me to unwanted pages.

I have run various tools such as malwarebytes but the ads always return. Please help. Thank you.





#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:07 AM

Posted 23 February 2013 - 07:05 PM


  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#3 thompjon

thompjon

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 23 February 2013 - 08:34 PM

I am having the same issue.  Can I post my results also or would you rather I create a new post with my results.  Thanks



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:07 AM

Posted 23 February 2013 - 08:40 PM

I am having the same issue.  Can I post my results also or would you rather I create a new post with my results.  Thanks

 

Create a new topic

 

Thanks



#5 bwww

bwww
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 25 February 2013 - 02:34 AM

See TDSS and aswMBR logs below. The TDSS log was too long to post, so I've only shown the last few lines. Let me know if you need the full log.

 

ESET - I ran this twice, and both times it failed about 30% through (after about 2 hrs). I could not get it to run directly from IE, so I downloaded it and ran from the desktop. During the scan time, no threats were found. An error popped up that looked like it was from Windows 7 - "OnlineCmdLineScanner.exe has stopped working - a problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." When I click close program, the ESET program didn't appear to close, and instead it showed a scan window with the result "no threats found, scanned files 314305, scan status: finished"

 

======= TDSS =========

15:15:15.0004 5152 ============================================================
15:15:15.0004 5152 Scan finished
15:15:15.0004 5152 ============================================================
15:15:15.0004 5144 Detected object count: 0
15:15:15.0004 5144 Actual detected object count: 0
15:17:00.0799 4564 Deinitialize success

 

======== aswMBR ========
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-24 21:47:36
-----------------------------
21:47:36.131 OS Version: Windows x64 6.1.7601 Service Pack 1
21:47:36.131 Number of processors: 4 586 0xF0B
21:47:36.131 ComputerName: ESCOFFIER UserName: Renee
21:47:38.071 Initialize success
21:47:47.213 AVAST engine defs: 13022301
21:47:56.643 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:47:56.643 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610480MB BusType: 3
21:47:56.653 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
21:47:56.653 Disk 1 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953869MB BusType: 3
21:47:56.853 Disk 0 MBR read successfully
21:47:56.863 Disk 0 MBR scan
21:47:56.863 Disk 0 Windows 7 default MBR code
21:47:56.923 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
21:47:57.073 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
21:47:57.093 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595056 MB offset 31586304
21:47:57.253 Disk 0 scanning C:\Windows\system32\drivers
21:48:43.112 Service scanning
21:49:06.324 Modules scanning
21:49:06.334 Disk 0 trace - called modules:
21:49:06.364 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
21:49:06.374 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ee7060]
21:49:06.384 3 CLASSPNP.SYS[fffff8800188743f] -> nt!IofCallDriver -> [0xfffffa8005c0f580]
21:49:06.384 5 ACPI.sys[fffff88000d517a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005c11060]
21:49:08.644 AVAST engine scan C:\Windows
21:51:02.811 AVAST engine scan C:\Windows\system32
22:07:17.089 AVAST engine scan C:\Windows\system32\drivers
22:09:33.854 AVAST engine scan C:\Users\Renee
00:01:29.958 AVAST engine scan C:\ProgramData
01:18:06.174 Scan finished successfully
06:48:02.288 Disk 0 MBR has been saved successfully to "C:\Users\Renee\Desktop\MBR.dat"
06:48:02.288 The log file has been saved successfully to "C:\Users\Renee\Desktop\aswMBR.txt"
06:48:40.502 Disk 0 MBR has been saved successfully to "C:\Users\Renee\Desktop\MBR.dat"
06:48:40.502 The log file has been saved successfully to "C:\Users\Renee\Desktop\aswMBR 2.txt"

 

======== ESET ========
Scan did not complete. Tried twice and stopped at about 30%. No threats found.



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:07 AM

Posted 25 February 2013 - 02:36 AM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.
 

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.



  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================

 

 

Farbar's MiniToolBox

--------------------
 

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.
 

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------
 

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------
 

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:
 


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------
 

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
 

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

Edited by narenxp, 25 February 2013 - 03:25 PM.


#7 bwww

bwww
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 25 February 2013 - 03:20 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Renee :: ESCOFFIER [administrator]

2/25/2013 6:36:09 PM
mbam-log-2013-02-25 (18-36-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 434348
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


~~~  MINITOOLBOX ~~~

MiniToolBox by Farbar  Version:10-01-2013
Ran by Renee (administrator) on 25-02-2013 at 20:46:47
Running from "C:\Users\Renee\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

 

~~~~ FARBAR SERVICE SCANNER ~~~~~

Farbar Service Scanner Version: 20-02-2013
Ran by Renee (administrator) on 25-02-2013 at 20:49:22
Running from "C:\Users\Renee\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****




~~~~ ADWCLEANER  ~~~~

# AdwCleaner v2.113 - Logfile created 02/25/2013 at 20:52:34
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Renee - ESCOFFIER
# Boot Mode : Normal
# Running from : C:\Users\Renee\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\gdb00rjv.default\searchplugins\web-search.xml
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\SelectRebates
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com
Folder Deleted : C:\Users\Renee\AppData\LocalLow\Claro LTD
Folder Deleted : C:\Users\Renee\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Renee\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Renee\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\9578b8ab438b914
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\9578b8ab438b914
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\FCTB000061107
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\gdb00rjv.default\prefs.js

C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\gdb00rjv.default\user.js ... Deleted !

Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Deleted : user_pref("extensions.claro.admin", false);
Deleted : user_pref("extensions.claro.aflt", "babsst");
Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Deleted : user_pref("extensions.claro.dfltLng", "en");
Deleted : user_pref("extensions.claro.excTlbr", false);
Deleted : user_pref("extensions.claro.id", "baec04ee0000000000000021706ee429");
Deleted : user_pref("extensions.claro.instlDay", "15681");
Deleted : user_pref("extensions.claro.instlRef", "sst");
Deleted : user_pref("extensions.claro.prdct", "claro");
Deleted : user_pref("extensions.claro.prtnrId", "claro");
Deleted : user_pref("extensions.claro.tlbrId", "base");
Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");
Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");
Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1022:07:57");
Deleted : user_pref("extensions.sahtb.searchEngineNameCurrent", "Web Search");
Deleted : user_pref("extensions.sahtb.searchEngineNameSAH", "Web Search");
Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"3[...]
Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.shopathome.com?user_id={6165627d-b078-45ce-a6f8-f4070ff32[...]

File : C:\Users\Kiddies\AppData\Roaming\Mozilla\Firefox\Profiles\62b08q6e.default\prefs.js

[OK] File is clean.

File : C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\a17gn1w5.default\prefs.js

[OK] File is clean.

File : C:\Users\Valerie\AppData\Roaming\Mozilla\Firefox\Profiles\576ffzsj.default\prefs.js

[OK] File is clean.

File : C:\Users\Mimi2010\AppData\Roaming\Mozilla\Firefox\Profiles\r70b27r5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6137 octets] - [25/02/2013 20:52:34]

########## EOF - C:\AdwCleaner[S1].txt - [6197 octets] ##########

 

~~~~ JRT ~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by Renee on Mon 02/25/2013 at 20:59:56.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL


~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}


~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"


~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"


~~~ FireFox

Emptied folder: C:\Users\Renee\AppData\Roaming\mozilla\firefox\profiles\gdb00rjv.default\minidumps [27 files]


~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/25/2013 at 21:07:23.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~~ RKILL ~~~~

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/25/2013 09:11:05 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (PID: 2524) [AU-HEUR]
 * C:\Windows\Samsung\PanelMgr\SSMMgr.exe (PID: 4760) [WD-HEUR]
 * C:\Windows\Samsung\PanelMgr\caller64.exe (PID: 4880) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * WinDefend [Missing ImagePath]
 * wscsvc [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost
  192.157.56.28 www.google-analytics.com.
  192.157.56.28 ad-emea.doubleclick.net.
  192.157.56.28 www.statcounter.com.
  192.157.56.28 connect.facebook.net.
  192.157.56.28 platform.twitter.com.
  93.115.241.27 www.google-analytics.com.
  93.115.241.27 ad-emea.doubleclick.net.
  93.115.241.27 www.statcounter.com.
  93.115.241.27 connect.facebook.net.
  93.115.241.27 platform.twitter.com.

Program finished at: 02/25/2013 09:11:20 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
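
An added example, not part of the original thread and not code from Rkill or any other tool used in it: a Python audit of HOSTS content, run here on the entries listed in the Rkill log above, that reports every hostname mapped to something other than a loopback or null address. The function names and the output layout are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# HOSTS entries as listed in the Rkill log in the post above.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
192.157.56.28 www.google-analytics.com.
192.157.56.28 ad-emea.doubleclick.net.
192.157.56.28 www.statcounter.com.
192.157.56.28 connect.facebook.net.
192.157.56.28 platform.twitter.com.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.
93.115.241.27 platform.twitter.com.
"""


def parse_hosts(text):
    """Yield (ip, hostname) for every usable mapping in HOSTS-format text.

    Comments are dropped, one line may carry several hostnames, and names
    are lower-cased with a trailing dot removed so that
    'www.statcounter.com.' and 'www.statcounter.com' compare equal.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IPv4/IPv6 address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def is_sink(ip):
    """Loopback (127.0.0.0/8, ::1) and null (0.0.0.0, ::) addresses.

    These are what localhost entries and ad-blocking HOSTS lists use,
    so they are not reported.
    """
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Return one finding per hostname that is pinned to a non-sink address.

    Each finding is {"host": str, "ips": [str, ...], "public": bool}.
    "public" is True when at least one address is globally routable, which
    separates intranet overrides (for example 10.x) from entries that send
    a well-known internet name to an arbitrary server.
    """
    by_name = defaultdict(set)
    for ip, name in parse_hosts(text):
        if not is_sink(ip):
            by_name[name].add(ip)

    findings = []
    for name in sorted(by_name):
        ips = by_name[name]
        findings.append({
            "host": name,
            "ips": sorted(str(ip) for ip in ips),
            "public": any(ip.is_global for ip in ips),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        tag = "PUBLIC" if finding["public"] else "local "
        print(f"{tag}  {finding['host']:<28} -> {', '.join(finding['ips'])}")
```

On a live Windows system the text to audit is the file at `%SystemRoot%\System32\drivers\etc\hosts`, read with administrator rights.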



#8 bwww

bwww
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 25 February 2013 - 03:22 PM

~~~ AUTORUNS ~~~

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acronis Scheduler2 Service" "Acronis Scheduler Helper" "Acronis" "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\windows\ravcpl64.exe"
+ "Zune Launcher" "Zune Auto-Launcher" "Microsoft Corporation" "c:\program files\zune\zunelauncher.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "B2C_AGENT" "B2C NotiAgent LGMobile Application" "LG Electronics" "c:\programdata\lgmobileax\b2c_client\b2cnotiagent.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files (x86)\hp\hp software update\hpwuschd2.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "LifeCam" "LifeExp.exe" "Microsoft Corporation" "c:\program files (x86)\microsoft lifecam\lifeexp.exe"
+ "MaxMenuMgr" "FreeAgent™ Launcher" "Seagate LLC" "c:\program files (x86)\seagate\seagatemanager\freeagent status\stxmenumgr.exe"
+ "Monitor" "Monitor Application" "LeapFrog Enterprises, Inc." "c:\program files (x86)\leapfrog\leapfrog connect\monitor.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "Samsung PanelMgr" "" "" "c:\windows\samsung\panelmgr\ssmmgr.exe"
+ "SAOB Monitor" "Acronis True Image Monitor" "Acronis" "c:\program files (x86)\acronis\onlinebackupstandalone\trueimagemonitor.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "TrueImageMonitor.exe" "Acronis True Image Monitor" "Acronis" "c:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe"
"C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dell Dock.lnk" "Dell Dock" "Stardock Corporation" "c:\program files\dell\delldock\delldock.exe"
+ "IMVU.lnk" "" "" "File not found: C:\Users\Renee\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "cdloader" "magicJack (cdloader2)" "magicJack L.P." "c:\users\renee\appdata\roaming\mjusbsp\cdloader2.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\renee\appdata\local\google\update\googleupdate.exe"
+ "msnmsgr" "Windows Live Messenger" "Microsoft Corporation" "c:\program files (x86)\windows live\messenger\msnmsgr.exe"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "TomTomHOME.exe" "System Tray application for TomTom HOME" "TomTom" "c:\program files (x86)\tomtom home 2\tomtomhomerunner.exe"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
+ "Virtual Storage Mount Notification" "CbFs Mount Notifier" "EldoS Corporation" "c:\windows\system32\cbfsmntntf3.dll"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
+ "Virtual Storage Mount Notification" "CbFs Mount Notifier" "EldoS Corporation" "c:\windows\syswow64\cbfsmntntf3.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
+ "EldosMountNotificator" "CbFs Mount Notifier" "EldoS Corporation" "c:\windows\system32\cbfsmntntf3.dll"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
+ "EldosMountNotificator" "CbFs Mount Notifier" "EldoS Corporation" "c:\windows\syswow64\cbfsmntntf3.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Extensions" "Acronis True Image Shell Extensions" "Acronis" "c:\program files (x86)\acronis\trueimagehome\tishell64.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "PhotoStreamsExt" "" "" "c:\program files\common files\apple\internet services\shellstreams64.dll"
+ "VersionsPageShellExt" "Versions Page" "Acronis" "c:\program files (x86)\acronis\trueimagehome\x64\versions_page.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files (x86)\acronis\trueimagehome\tishell.dll"
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"
+ "VersionsPageShellExt" "Versions Page" "Acronis" "c:\program files (x86)\acronis\trueimagehome\versions_page.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "VersionsPageShellExt Class" "Versions Page" "Acronis" "c:\program files (x86)\acronis\trueimagehome\x64\versions_page.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "VersionsPageShellExt Class" "Versions Page" "Acronis" "c:\program files (x86)\acronis\trueimagehome\versions_page.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Extensions" "Acronis True Image Shell Extensions" "Acronis" "c:\program files (x86)\acronis\trueimagehome\tishell64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "VersionsPageShellExt" "Versions Page" "Acronis" "c:\program files (x86)\acronis\trueimagehome\x64\versions_page.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files (x86)\acronis\trueimagehome\tishell.dll"
+ "VersionsPageShellExt" "Versions Page" "Acronis" "c:\program files (x86)\acronis\trueimagehome\versions_page.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "VersionsPageShellExt Class" "Versions Page" "Acronis" "c:\program files (x86)\acronis\trueimagehome\x64\versions_page.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "VersionsPageShellExt Class" "Versions Page" "Acronis" "c:\program files (x86)\acronis\trueimagehome\versions_page.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "EldosIconOverlay" "CbFs Mount Notifier" "EldoS Corporation" "c:\windows\system32\cbfsmntntf3.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "EldosIconOverlay" "CbFs Mount Notifier" "EldoS Corporation" "c:\windows\syswow64\cbfsmntntf3.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "CBrowserHelperObject Object" "BAE.dll" "Dell Inc." "c:\program files (x86)\dell\bae\bae.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Search Helper" "Search Helper for Internet Explorer" "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1196831401-2010912743-3914557152-1000Core" "Google Installer" "Google Inc." "c:\users\renee\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1196831401-2010912743-3914557152-1000UA" "Google Installer" "Google Inc." "c:\users\renee\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft\Windows\WindowsCalendar\Reminders - Kiddies" "" "" "File not found: C:\Program Files\Windows Calendar\WinCal.exe"
+ "\Microsoft\Windows\WindowsCalendar\Reminders - Renee" "" "" "File not found: C:\Program Files\Windows Calendar\WinCal.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "File not found: C:\Windows\system32\gatherWiredInfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "File not found: C:\Windows\system32\gatherWirelessInfo.vbs"
+ "\PCConfidential" "" "" "File not found: C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe"
+ "\{174F271C-573E-4799-9C67-9B5AB79A57D8}" "Internet Explorer" "Microsoft Corporation" "c:\program files (x86)\internet explorer\iexplore.exe"
+ "\{40CAE53A-E594-45EF-B807-76243FC23677}" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AcrSch2Svc" "Task scheduling for Acronis applications." "Acronis" "c:\program files (x86)\common files\acronis\schedule2\schedul2.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AERTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\windows\system32\aertsr64.exe"
+ "afcdpsrv" "Provides nonstop backup for partitions of the computer" "Acronis" "c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "DockLoginService" "Dock Login Service" "Stardock Corporation" "c:\program files\dell\delldock\docklogin.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "FlipShare Service" "FlipShare Service" "" "c:\program files (x86)\flip video\flipshare\flipshareservice.exe"
+ "FlipShareServer" "Server responsible for enabling you to share Flip Media" "" "c:\program files (x86)\flip video\flipshareserver\flipshareserver.exe"
+ "FreeAgentGoNext Service" "Seagate Service" "Seagate Technology LLC" "c:\program files (x86)\seagate\seagatemanager\sync\freeagentservice.exe"
+ "Freemake Improver" "Freemake Improver" "Freemake" "c:\programdata\freemake\freemakeutilsservice\freemakeutilsservice.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files (x86)\windows live\family safety\fsssvc.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\wildtangent\dell games\dell game console\gameconsoleservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LeapFrog Connect Device Service" "Manages LeapFrog Connect devices." "LeapFrog Enterprises, Inc." "c:\program files (x86)\leapfrog\leapfrog connect\commandservice.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\vs7debug\mdm.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MSCamSvc" "MsCamSvc.exe" "Microsoft Corporation" "c:\program files\microsoft lifecam\mscams64.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\seaport\seaport.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files (x86)\common files\surething shared\stllssvr.exe"
+ "TomTomHOMEService" "TomTom Home Service for ejecting devices" "TomTom" "c:\program files (x86)\tomtom home 2\tomtomhomeservice.exe"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "WMZuneComm" "Zune Connectivity for Windows Mobile devices" "Microsoft Corporation" "c:\program files\zune\wmzunecomm.exe"
+ "ZuneNetworkSvc" "Shares Zune media libraries to Zune devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\zune\zunenss.exe"
+ "ZuneWlanCfgSvc" "Configures Zune for wireless syncing" "Microsoft Corporation" "c:\program files\zune\zunewlancfgsvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "afcdp" "Acronis File Level CDP Helper" "Acronis" "c:\windows\system32\drivers\afcdp.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cbfs3" "Callback File System Driver" "EldoS Corporation" "c:\windows\system32\drivers\cbfs3.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "DgiVecp" "Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes" "Samsung Electronics Co., Ltd." "c:\windows\system32\drivers\dgivecp.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw18bda" "Cx418 Raptor Driver" "Hauppauge Computer Works, Inc" "c:\windows\system32\drivers\hcw18bda.sys"
+ "HCW85BDA" "CX23885 BDA driver" "Hauppauge Computer Works" "c:\windows\system32\drivers\hcw85bda.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Sonic Solutions" "c:\windows\system32\drivers\pxhlpa64.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb_amd64.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt64win7.sys"
+ "RTL8169" "Realtek 8101E/8168/8169 NDIS6 64-bit Driver                    " "Realtek Corporation                                            " "c:\windows\system32\drivers\rtlh64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "snapman" "Acronis Snapshot API" "Acronis" "c:\windows\system32\drivers\snapman.sys"
+ "SSPORT" "Port Contention Driver" "Samsung Electronics" "c:\windows\system32\drivers\ssport.sys"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "tdrpman273" "Acronis Try&Decide Volume Filter Driver" "Acronis" "c:\windows\system32\drivers\tdrpm273.sys"
+ "timounter" "Acronis Backup Archive Explorer" "Acronis" "c:\windows\system32\drivers\timntr.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.3IV2" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\windows\syswow64\3ivxvfwcodec.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Deinterlace" "Deinterlace Filter" "DScaler Project, see  http://www.dscaler.org/" "c:\windows\syswow64\hcwdlace.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Audio Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmprevu.dll"
+ "Hauppauge WinTV 418 Color Format Converter" "Hauppauge WinTV 418 Color Format Converter" "Hauppauge Computer Works, Inc." "c:\windows\system32\hcw18ccv.ax"
+ "MainConcept (MCE) MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG" "c:\windows\system32\hauppauge\softmce\mceesmpeg.ax"
+ "Microsoft Zune H.264 Video Decoder" "Microsoft Zune H.264 Video Decoder" "Microsoft Corporation" "c:\program files\zune\zuneh264dec.dll"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "Record Queue" "WME Record Queue" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmedque.dll"
+ "Video Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmprevu.dll"
+ "WMEnc Screen Capture Filter" "ZuneSrcWrp Module" "Microsoft Corporation" "c:\program files\zune\zunesrcwrp.dll"
+ "WMEnc Screen Capture Filter" "WMESrcWp Module" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmesrcwp.dll"
+ "Zune Enhanced Video Renderer" "Enhanced Video Renderer DLL" "Microsoft Corporation" "c:\program files\zune\zuneevr.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "3ivx Decoder Filter" "3ivx MPEG-4 5.0.3 DirectShow Video Decoder" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideodecoder.ax"
+ "3ivx Media Muxer" "3ivx MPEG-4 5.0.3 DirectShow Media Muxer" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\3ivx\3ivx mpeg-4 5.0.3\3ivxdsmediamux.ax"
+ "3ivx Media Splitter" "3ivx MPEG-4 5.0.3 DirectShow Media Splitter" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\3ivx\3ivx mpeg-4 5.0.3\3ivxdsmediasplitter.ax"
+ "3ivx MPEG-4 Video Encoder" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideoencoder.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Deinterlace" "Deinterlace Filter" "DScaler Project, see  http://www.dscaler.org/" "c:\windows\syswow64\hcwdlace.ax"
+ "DivX Video Encoder (3ivx)" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideoencoder.ax"
+ "Flip Video Decoder" "FlipDSVideoDecoder" "MyCompanyName" "c:\program files (x86)\flip video\flipshare\flipdsvideodecoder.ax"
+ "Flip Video Decoder Mpeg4" "FlipDSVideoDecoder" "MyCompanyName" "c:\program files (x86)\flip video\flipshare\flipdsmpeg4decoder.ax"
+ "Hauppauge Now/Next" "Hauppauge WinTV BDA Now Next" "Hauppauge Computer Works, Inc." "c:\windows\syswow64\hcwnownext.ax"
+ "Hauppauge PSI Parser" "Hauppauge WinTV MPEG PSI Parser" "Hauppauge Computer Works, Inc." "c:\windows\syswow64\hcwpsiparser.ax"
+ "Hauppauge Simulated Stereo" "Simulated Stereo Filter (Sample)" "Hauppuage Computer Works" "c:\windows\syswow64\hcwsstereo.ax"
+ "Hauppauge Subtitles" "Hauppuage DVB Subtitle Generator" "Hauppauge Computer Works" "c:\windows\syswow64\hcwdvbsubtitles.ax"
+ "Hauppauge WinTV File Reader" "Hauppauge WinTV File Reader" "Hauppauge Computer Works, Inc." "c:\windows\syswow64\hcwfread.ax"
+ "Hauppauge WinTV File Writer" "Hauppauge WinTV File Writer" "Hauppauge Computer Works, Inc." "c:\windows\syswow64\hcwfwrit.ax"
+ "Hauppauge WinTV MPEG Splitter" "Hauppauge WinTV MPEG Splitter Filter" "Hauppauge Computer Works, Inc." "c:\windows\syswow64\hcwsplit.ax"
+ "Hauppauge WinTV MPEG2 Muxer" "WinTV MPEG2 Muxer" "Hauppauge Computer Works Inc." "c:\windows\syswow64\hcwmux.ax"
+ "Hauppauge WinTV SnapShot" "hcwSnap" "Hauppauge Computer Works, Inc." "c:\windows\syswow64\hcwsnap.ax"
+ "InterVideo NonCSS Audio Decoder for Hauppauge" "IVIAUDIO" "InterVideo Inc." "c:\program files (x86)\common files\ivisdk\hauppauge\iviaudio_hauppauge.ax"
+ "InterVideo NonCSS Video Decoder for Hauppauge" "IVIVIDEO" " InterVideo Inc." "c:\program files (x86)\common files\ivisdk\hauppauge\ivivideo_hauppauge.ax"
+ "M4PSource Source Filter" "" "Proxure, Inc." "c:\program files (x86)\proxure\mce tunes pro\m4psource.ax"
+ "MainConcept (HCW) AC-3 Audio Decoder" "AC-3 Audio Decoder" "MainConcept AG" "c:\windows\syswow64\hauppauge\smd07\hcw_mcac3ad.ax"
+ "MainConcept (HCW) Layer II Audio Decoder" "Layer II Audio Decoder" "MainConcept AG" "c:\windows\syswow64\hauppauge\smd07\hcw_mcl2ad.ax"
+ "MainConcept (HCW) MPEG Multiplexer-Plus" "MPEG Multiplexer-Plus DS Filter" "MainConcept AG" "c:\windows\syswow64\hauppauge\smd07\hcw_mcmpeg2mux.ax"
+ "MainConcept (HCW) MPEG-2 Video Decoder" "MPEG-2 Video Decoder" "MainConcept AG" "c:\windows\syswow64\hauppauge\smd07\hcw_mcm2vd.ax"
+ "MediaWriter Filter" "NetWrite Filter" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\mediawriter.ax"
+ "Minimal Null" "hcwNull" "Hauppauge Computer Works, Inc." "c:\windows\syswow64\hcwnull.ax"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\hximagefilter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\mvvanalyse.ax"
+ "Nano-Audio" "Sample" "MyCompanyName" "c:\program files (x86)\nanopeg for wintv\nanopeg editor\nanoaudionull.ax"
+ "nanocosmos MPEG Splitter" "" "" "c:\program files (x86)\nanopeg for wintv\nanopeg editor\nmpgsplt.ax"
+ "nanocosmos MPEG-2 Video Decoder Filter 2" "MPEG-2 Decoder Filter " "" "c:\program files (x86)\nanopeg for wintv\nanopeg editor\nmpvdec2.ax"
+ "nanocosmos NullTransFilter" "" "" "c:\program files (x86)\nanopeg for wintv\nanopeg editor\nnulltrans.ax"
+ "ORBAN-CT AAC/aacPlus Stream Parser" "ORBAN / CT aacPlus Parser 1.0" "" "c:\program files (x86)\orban\aac-aacplus plugin\aacpparser.dll"
+ "PDFrameGrabFilter" "FrameGrabFilter" "" "c:\program files (x86)\flip video\flipshare\framegrabfilter.ax"
+ "PDT IPP AAC Encoder" "" "" "c:\program files (x86)\flip video\flipshare\ipp6_0_aacencoder.ax"
+ "PDT IPP H264 Encoder" "IPPH264Encoder" "" "c:\program files (x86)\flip video\flipshare\ipph264encoder.ax"
+ "PDT IPP MP4 Muxer" "IPPMP4Muxer" "" "c:\program files (x86)\flip video\flipshare\ippmp4muxer.ax"
+ "PDT IPP MP4 Splitter" "IPPMp4Splitter" "" "c:\program files (x86)\flip video\flipshare\ippmp4splitter.ax"
+ "PDT IPP MPEG Audio Decoder" "IPPMPEGAudioDecoder" "" "c:\program files (x86)\flip video\flipshare\ippmpegaudiodecoder.ax"
+ "PDT Resize and Letterbox Filter" "PurpleComposite" "" "c:\program files (x86)\flip video\flipshare\purplecomposite.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Samsung Video Encoder (3ivx)" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideoencoder.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PCL hpz3l5ha" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l5ha.dll"
+ "PCL hpz3lw71" "LanguageMonitor" "Hewlett-Packard Corporation" "c:\windows\system32\hpz3lw71.dll"
+ "PDF reDirect Monitor" "" "" "c:\windows\system32\pdfredirectmon64.dll"
+ "sso1m Langmon" "Language Monitor for Status Monitor" "" "c:\windows\system32\sso1ml6.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "CbFs3" "Virtual Network Shares CallbackFS v3" "EldoS Corporation" "c:\windows\system32\cbfsnetrdr3.dll"



#9 narenxp


Posted 25 February 2013 - 03:25 PM

Run MiniToolBox again and post the new log.


Edited by narenxp, 11 March 2013 - 11:20 AM.


#10 bwww


Posted 25 February 2013 - 04:13 PM

Ran Hosts Fixit. Here is the new MiniToolBox log:

 

MiniToolBox by Farbar Version:10-01-2013
Ran by Renee (administrator) on 25-02-2013 at 22:06:35
Running from "C:\Users\Renee\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

 

Windows IP Configuration

Host Name . . . . . . . . . . . . : Escoffier
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : homenet.telecomitalia.it

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : homenet.telecomitalia.it
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-21-70-6E-E4-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6542:7e37:e1b:d49f%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.244(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, February 25, 2013 10:04:21 PM
Lease Expires . . . . . . . . . . : Tuesday, February 26, 2013 4:04:21 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251666800
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-E9-85-DF-00-21-70-6E-E4-29
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.homenet.telecomitalia.it:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : homenet.telecomitalia.it
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:ce4:16a8:3f57:fe0b(Preferred)
Link-local IPv6 Address . . . . . : fe80::ce4:16a8:3f57:fe0b%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: alicegate.homenet.telecomitalia.it
Address: 192.168.1.1

Name: google.com
Addresses: 2a00:1450:4002:801::1008
173.194.35.8
173.194.35.9
173.194.35.14
173.194.35.0
173.194.35.1
173.194.35.2
173.194.35.3
173.194.35.4
173.194.35.5
173.194.35.6
173.194.35.7


Pinging google.com [173.194.35.9] with 32 bytes of data:
Reply from 173.194.35.9: bytes=32 time=30ms TTL=55
Reply from 173.194.35.9: bytes=32 time=32ms TTL=55

Ping statistics for 173.194.35.9:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 32ms, Average = 31ms
Server: alicegate.homenet.telecomitalia.it
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=310ms TTL=51
Reply from 98.139.183.24: bytes=32 time=698ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 310ms, Maximum = 698ms, Average = 504ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9...00 21 70 6e e4 29 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.244 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.244 276
192.168.1.244 255.255.255.255 On-link 192.168.1.244 276
192.168.1.255 255.255.255.255 On-link 192.168.1.244 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.244 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.244 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 58 ::/0 On-link
1 306 ::1/128 On-link
10 58 2001::/32 On-link
10 306 2001:0:9d38:953c:ce4:16a8:3f57:fe0b/128
On-link
9 276 fe80::/64 On-link
10 306 fe80::/64 On-link
10 306 fe80::ce4:16a8:3f57:fe0b/128
On-link
9 276 fe80::6542:7e37:e1b:d49f/128
On-link
1 306 ff00::/8 On-link
10 306 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/25/2013 10:04:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/25/2013 10:04:18 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147014847

Error: (02/25/2013 10:04:18 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (02/25/2013 10:04:11 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/25/2013 10:04:11 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/25/2013 09:11:06 PM) (Source: Service Control Manager) (User: )
Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/25/2013 10:04:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-01-28 02:25:14.049
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:25:13.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:25:13.628
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:25:01.569
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_cbaba9e478a137a8\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:25:01.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_cbaba9e478a137a8\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:25:01.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_cbaba9e478a137a8\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:24:54.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_90f9416caa7c6a08\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:24:54.284
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_90f9416caa7c6a08\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:24:54.096
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_90f9416caa7c6a08\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:24:23.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Acronis True Image Home 2011 (Version: 14.0.5519)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.149)
Adobe Flash Player 11 Plugin (Version: 11.5.502.149)
Adobe Reader 9.4.6 (Version: 9.4.6)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Bonjour Print Services (Version: 2.0.2.0)
Boxee Media Manager (Version: 1.0.71)
Browser Address Error Redirector
Browser Address Error Redirector (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
Catalyst Control Center InstallProxy (Version: 2008.0728.2151.37274)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConvertHelper 2.2
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.0)
CouponBar
D3DX10 (Version: 15.4.2368.0902)
Dell-eBay (Version: 1.00.0000)
Dell Best of Web (Version: 1.00.0000)
Dell Dock (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
DELL0604 (Version: 1.0.0)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
EDocs
ESET Online Scanner v3
Fax (Version: 130.0.418.000)
FlipShare (Version: 5.12.3.0)
Freemake Video Converter version 3.1.2 (Version: 3.1.2)
Google Chrome (Version: 25.0.1364.97)
Google SketchUp 8 (Version: 3.0.4811)
Google Talk Plugin (Version: 3.14.17.11865)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Hauppauge TV Tuner Driver (Version: 2.0.25312)
HP Update (Version: 4.000.011.006)
iCloud (Version: 2.1.1.3)
iExplorer 3.2.0.4
insparia - Interior Inspirations
Internet TV for Windows Media Center (Version: 4.2.2.0)
InterVideo FilterSDK for Hauppauge
iTunes (Version: 11.0.1.12)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 7 (Version: 1.6.0.70)
LeapFrog Connect (Version: 2.3.11.8936)
LeapFrog Leapster2 Plugin (Version: 2.3.11.8936)
magicJack (Version: 2.0.6073.4413)
Maintenance Samsung SCX-4600 Series
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MCE Tunes Pro (Version: 2.5)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.0.0.0)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote 2003 (Version: 11.0.8173.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Project Professional 2003 (Version: 11.0.8173.0)
Microsoft Office Visio Professional 2003 (Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 18.0.2 (x86 en-US) (Version: 18.0.2)
Mozilla Maintenance Service (Version: 17.0.3)
Mozilla Thunderbird 17.0.3 (x86 en-US) (Version: 17.0.3)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
muvee Plugin 1.0 (Version: 1.01.100)
nanoPEG-Editor 2.6.0 for WinTV (Version: 2.6.0)
Netflix in Windows Media Center (Version: 2.0.0.0)
Netflix in Windows Media Center (Version: 3.3.101.0)
Octoshape add-in for Adobe Flash Player
OLYMPUS Digital Camera Updater (Version: 1.0.1)
OLYMPUS Viewer 2 (Version: 1.1.1)
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
PDF reDirect (remove only) (Version: v2.2.8)
Picasa 3 (Version: 3.8)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PowerDVD (Version: 8.1)
QuickTime (Version: 7.73.80.64)
Readiris Pro 10
Realtek High Definition Audio Driver
Rosetta Stone Version 3 (Version: 3.4.5.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Seagate Manager Installer (Version: 2.01.0109)
Seagate Manager Installer (Version: 2.01.0600)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.10 (Version: 5.10.116)
SmarThru 4
Smilebox
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
swMSM (Version: 12.0.0.1)
TomTom HOME (Version: 2.9.2)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Unity Web Player (Version: )
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
VOB2MPG 2.5 (Version: 2.5.0)
WildTangent Games (Version: 1.0.0.62)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (Version: 09/09/2009 1.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Center Add-in for Flash (Version: 3.1.1.0)
Windows Media Encoder 9 Series x64 Edition
Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Phone Intro Video (ENU) (Version: 04.07.0975.00)
YNAB Pro version 2.8.2.1 (Version: 2.8.2.1)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 6143.18 MB
Available physical RAM: 4515.83 MB
Total Pagefile: 12284.55 MB
Available Pagefile: 10502.26 MB
Total Virtual: 4095.88 MB
Available Virtual: 3953.16 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:581.11 GB) (Free:384.27 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8 GB) NTFS
9 Drive k: (TV) (Fixed) (Total:931.51 GB) (Free:304.11 GB) NTFS

========================= Users: ========================================

User accounts for \\ESCOFFIER

Administrator Guest Kiddies
Mcx5-ESCOFFIER Mcx6-ESCOFFIER Mcx7-ESCOFFIER
Mimi2010 Renee Sofia
Valerie


**** End of log ****



#11 narenxp


Posted 25 February 2013 - 04:21 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



#12 bwww

  • Topic Starter

Posted 25 February 2013 - 05:50 PM

Have completed all tasks. Looks like the popups are gone. You are fantastic! Thank you for the help.



#13 narenxp


Posted 25 February 2013 - 05:52 PM

welcome.gif 



#14 ciarlissimo


Posted 05 March 2013 - 12:04 AM

Hello,

First time poster on BC...

Seems this post may still be open (I hope) - I too have ad.xtendmedia.com. Am I correct in stating that each infection is different and is approached differently? I say this because I have read the solutions provided for others and tried starting them (in a limited / safe way). First issue - I downloaded and ran tdsskiller - it did produce a report but it only found 2 suspicious items and would not "cure" them (only skip option was available). Secondly - side issue, I looked through the download section for helpful programs mentioned in the solutions (such as AdwCleaner) but after downloading them I ran them through viruscan.jotti.org and virustotal.com and each of those sites reported 1 scanner (different scanner on each) which showed it as containing a virus. I know there can be false positives; how thoroughly are these programs checked?

I think I'll start with this and wait for further instructions. A sincere, thank you ahead of time.

Carlo



#15 narenxp


Posted 05 March 2013 - 12:15 AM

ciarlissimo

Please create a new topic. I will help you with the logs.





