Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ilivid browser hijack


  • Please log in to reply
5 replies to this topic

#1 melogs2

melogs2

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 08 October 2012 - 08:49 PM

hello, i am running windows 7. my firefox browser was hijacked by ilivid. when i would do a google search several windows would open directing me to download ilivid. i viewed a tutorial and checked firefox proxy settings to "do not use proxy." it was set to "use system proxy." disabled all unnecessary add ons and plugins on my browser and reopened firefox. the problem is gone now. i dont know if it is actually gone, but for the moment it is. they tutorial also instructed to remove registry items but did not want to get into that. internet explore did not exhibit the same problems btw.

i was also recently infected with a sweetim/deals virus that i deleted through the add/remove programs feature in windows. im sure my registry is pretty screwed up now because the browsers is running slow, slow to open, videos crash, etc. i was wondering if anyone could give me any advice as to how to repair this. thank you.

BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:44 AM

Posted 08 October 2012 - 08:51 PM

Update and do a quick scan with Malwarebytes remove all that it finds and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log in your next reply


Update do a quick scan with Superantispyware remove all this finds reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
post the log in your next reply.

Run a scan with Eset.
http://www.eset.com/us/online-scanner/
When the scan finish list found threats save to clipboard copy to notepad Post the log here.




Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner run it as admin Click the delete button allow it to run and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner Run it Go to options then put a tick next to Enable rootkit cleaning. Hit the Full Scan>>>>>>>>Let it finish>>>>>>>>Go to the quarantine Tab>>>>>>> Tick the Select All>>>>>Then the Delete>>>>>>Quit
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop post that here in your next reply.


REBoot after Norman.

#3 melogs2

melogs2
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 10 October 2012 - 04:26 PM

sorry it took so long, here are the logs....


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/10/2012 at 01:21 AM

Application Version : 5.6.1010

Core Rules Database Version : 9373
Trace Rules Database Version: 7185

Scan type : Quick Scan
Total Scan Time : 00:10:49

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 567
Memory threats detected : 0
Registry items scanned : 60377
Registry threats detected : 1
File items scanned : 11418
File threats detected : 112

Adware.Tracking Cookie
C:\Users\Meryl\AppData\Roaming\Microsoft\Windows\Cookies\O8KJZJ84.txt [ /doubleclick.net ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\H2YO42MB.txt [ Cookie:meryl@apmebf.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9TRAONT2.txt [ Cookie:meryl@tribalfusion.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NTIADVA7.txt [ Cookie:meryl@dmtracker.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\UE99NQTX.txt [ Cookie:meryl@invitemedia.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NM9LC5HT.txt [ Cookie:meryl@legolas-media.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GW1WVT94.txt [ Cookie:meryl@h.atdmt.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NP225H0U.txt [ Cookie:meryl@amazon-adsystem.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\LNR9TQ28.txt [ Cookie:meryl@revsci.net/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\U12VTSSU.txt [ Cookie:meryl@atdmt.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\CVZQXJY6.txt [ Cookie:meryl@collective-media.net/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\WF0KMDMO.txt [ Cookie:meryl@doubleclick.net/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SQFLSZKL.txt [ Cookie:meryl@c.atdmt.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\H1C56E2I.txt [ Cookie:meryl@imrworldwide.com/cgi-bin ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\UW5R7R0M.txt [ Cookie:meryl@a.intentmedia.net/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\X77V7HAP.txt [ Cookie:meryl@ad.yieldmanager.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BWUK1NDH.txt [ Cookie:meryl@mediaplex.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\R86ULHRZ.txt [ Cookie:meryl@at.atwola.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9AER3TQ7.txt [ Cookie:meryl@questionmarket.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BOP1HW85.txt [ Cookie:meryl@ru4.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\FMWQU89A.txt [ Cookie:meryl@pointroll.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\JHB0ZRHZ.txt [ Cookie:meryl@interclick.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HI62SI52.txt [ Cookie:meryl@ads.pointroll.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\293E59G3.txt [ Cookie:meryl@advertising.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\64VUXH28.txt [ Cookie:meryl@realmedia.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZJI72408.txt [ Cookie:meryl@msnportal.112.2o7.net/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\USHNK942.txt [ Cookie:meryl@adserver.adtechus.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\79FFXXA9.txt [ Cookie:meryl@bizrate.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\UFJ24JLF.txt [ Cookie:meryl@bs.serving-sys.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NY152Z8C.txt [ Cookie:meryl@lucidmedia.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\41FWP6VF.txt [ Cookie:meryl@www.googleadservices.com/pagead/conversion/1072605278/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\S73M2MTF.txt [ Cookie:meryl@serv1.sweetpacks.com/adServe ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\JTRX54TU.txt [ Cookie:meryl@nationalparksservice.112.2o7.net/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7XELR2TA.txt [ Cookie:meryl@www.burstnet.com/ ]
C:\USERS\MERYL\AppData\Roaming\Microsoft\Windows\Cookies\Low\W2UGUYP3.txt [ Cookie:meryl@serv1.sweetpacks.com/adServe/banners ]
C:\USERS\MERYL\Cookies\O8KJZJ84.txt [ Cookie:meryl@doubleclick.net/ ]
ad.yieldmanager.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
insight.torbit.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ad.mlnadvertising.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.t.pointroll.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
server.iad.liveperson.net [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]
.eset.122.2o7.net [ C:\USERS\MERYL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XM4LTJLZ.DEFAULT\COOKIES.SQLITE ]

Adware.HBHelper
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}



____________________________________________________________________________________________________________________________________
====================================================================================================================================
====================================================================================================================================



Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Meryl :: MERYL-PC [administrator]

Protection: Enabled

10/10/2012 1:32:47 AM
mbam-log-2012-10-10 (01-32-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200381
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (PUP.MyWebSearch) -> 4512 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.

Registry Keys Detected: 116
HKLM\SYSTEM\CurrentControlSet\Services\CouponAlert_2pService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{23b38049-323f-443d-9732-f454e5b15b72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{d7ce22af-ccb3-423f-84d5-4d77152181f3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1f0a2185-da7e-4614-91c0-dd5f4a76cb1b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{16fe2505-f2a0-4782-b035-af0e5188c02c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{79583de9-d0c2-44ef-ae0d-cbfa16c2a785} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{7717f4b3-397f-4ce5-9192-6effde3ac999} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{4d8eacbc-e293-4462-b91e-42ea5b54b743} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.Radio.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3276e8a8-a233-449b-a7eb-fcee21246018} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{cf9d6d4e-5496-438e-ba24-5a580a59f5a3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\CouponAlert_2p (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{411b1946-3277-4a7f-9f60-745266360613} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{ebaf2b4f-510a-47c7-86ba-e7d94d1162f6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{84576f6e-0660-4b4f-8918-bc6c975044d4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{60fc9013-4a5a-4306-9695-fce0a6617f22} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{86d02bcf-0e0e-444f-8a8d-2d5c4a9e6578} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{2d205adf-c992-4eda-99c3-096e13f38ab4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{20bcce5a-c687-46ff-8dd2-ad8235f5f2b4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{457a4cb8-0391-409d-98b4-c4ccb2849670} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7924fd2b-877c-4395-a063-a88ab887ea6d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{def07acd-bcea-4269-933a-4087d20842bb} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{c2df3856-676c-41dc-a73b-facbdf8e81e9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8542e415-0e53-4261-8be4-0d1598229d90} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ebbc4e43-292a-40df-88e3-3262b7521460} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8867ac9b-4426-44a2-a693-c95850d3405c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{53ca18e7-5223-4358-9fd9-97c62c66c5bd} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{23b0ae65-17d2-4491-98e5-b1aa6228dda2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{0bdf6c42-132c-45f5-92de-dc13f40c6dab} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{a4116f8c-a634-4536-b9ef-6b9ebcc5bae1} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{65D8E17B-312E-4E12-913B-A841A8631143} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponAlert_2p Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Coupon Alert Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|2pffxtbr@CouponAlert_2p.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Program Files (x86)\CouponAlert_2p (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\gen1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\IE9Mesg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\Message (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 53
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Meryl\Local Settings\Temporary Internet Files\Content.IE5\0I2HH804\mplayerc.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Meryl\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Meryl\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pimpipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2preghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2psknlcr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\BOOTSTRAP.JS (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\CREXT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\CrExtP2p.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8EXTEX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8EXTPEX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8TICKER.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\gen1\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\IE9Mesg\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\Message\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.



=========================================================================================================================
=========================================================================================================================


ESET log


C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Users\Meryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I2HH804\mplayerc.exe a variant of Win32/Adware.iBryte.C application
Operating memory probably a variant of Win32/Toolbar.MyWebSearch.P application





==================================================================================================================
==================================================================================================================




Farbar Service Scanner Version: 07-10-2012
Ran by Meryl (administrator) on 10-10-2012 at 14:51:28
Running from "C:\Users\Meryl\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****




========================================================================================
========================================================================================




MiniToolBox by Farbar Version: 23-07-2012
Ran by Meryl (administrator) on 10-10-2012 at 14:53:14
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Wireless Network Connection 2" address=192.168.137.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Meryl-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : EC-55-F9-AF-7D-75
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : EC-55-F9-AF-7D-75
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::78ae:4495:5413:828%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.28(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 10, 2012 3:04:48 AM
Lease Expires . . . . . . . . . . : Thursday, October 11, 2012 2:48:11 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 311427150
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-6E-35-4B-B8-70-F4-84-70-25
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Ethernet
Physical Address. . . . . . . . . : B8-70-F4-84-70-25
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6A7032C9-DD50-493D-BE07-1B0A1A4AEC95}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{78BD115F-1490-42F7-BFF2-7257814DE8B7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5B06BF4C-FFD7-4511-9771-B9D290391CC5}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c02:f07:bf7d:4c2e(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c02:f07:bf7d:4c2e%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: 192-168-1-1.internal.bginc
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4009:802::1004
74.125.225.104
74.125.225.103
74.125.225.102
74.125.225.101
74.125.225.100
74.125.225.99
74.125.225.98
74.125.225.97
74.125.225.96
74.125.225.110
74.125.225.105


Pinging google.com [74.125.225.105] with 32 bytes of data:
Reply from 74.125.225.105: bytes=32 time=22ms TTL=55
Reply from 74.125.225.105: bytes=32 time=15ms TTL=55

Ping statistics for 74.125.225.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 22ms, Average = 18ms
Server: 192-168-1-1.internal.bginc
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=813ms TTL=52
Reply from 72.30.38.140: bytes=32 time=1247ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 813ms, Maximum = 1247ms, Average = 1030ms
Server: 192-168-1-1.internal.bginc
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...ec 55 f9 af 7d 75 ......Microsoft Virtual WiFi Miniport Adapter
12...ec 55 f9 af 7d 75 ......Broadcom 802.11n Network Adapter
11...b8 70 f4 84 70 25 ......Broadcom NetLink ™ Ethernet
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.28 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.28 286
192.168.1.28 255.255.255.255 On-link 192.168.1.28 286
192.168.1.255 255.255.255.255 On-link 192.168.1.28 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.28 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.28 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:1c02:f07:bf7d:4c2e/128
On-link
12 286 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::1c02:f07:bf7d:4c2e/128
On-link
12 286 fe80::78ae:4495:5413:828/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/10/2012 01:30:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2012 01:24:01 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/09/2012 06:19:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/09/2012 01:51:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/09/2012 01:51:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/09/2012 01:51:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/09/2012 01:51:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/09/2012 08:33:56 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/08/2012 11:20:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/08/2012 11:20:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (10/10/2012 02:48:11 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (10/10/2012 01:54:09 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (10/10/2012 03:04:49 AM) (Source: NetBT) (User: )
Description: The name "MERYL-PC :20" could not be registered on the interface with IP address 192.168.1.28.
The computer with the IP address 192.168.1.27 did not allow the name to be claimed by
this computer.

Error: (10/10/2012 03:04:49 AM) (Source: NetBT) (User: )
Description: The name "MERYL-PC :0" could not be registered on the interface with IP address 192.168.1.28.
The computer with the IP address 192.168.1.27 did not allow the name to be claimed by
this computer.

Error: (10/10/2012 03:04:49 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{78BD115F-1490-42F7-BFF2-7257814DE8B7} because another computer on the network has the same name. The server could not start.

Error: (10/10/2012 00:23:35 AM) (Source: NetBT) (User: )
Description: The name "MERYL-PC :0" could not be registered on the interface with IP address 192.168.1.26.
The computer with the IP address 192.168.1.25 did not allow the name to be claimed by
this computer.

Error: (10/10/2012 00:23:35 AM) (Source: NetBT) (User: )
Description: The name "MERYL-PC :20" could not be registered on the interface with IP address 192.168.1.26.
The computer with the IP address 192.168.1.25 did not allow the name to be claimed by
this computer.

Error: (10/10/2012 00:23:35 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{78BD115F-1490-42F7-BFF2-7257814DE8B7} because another computer on the network has the same name. The server could not start.

Error: (10/09/2012 09:25:39 PM) (Source: NetBT) (User: )
Description: The name "MERYL-PC :20" could not be registered on the interface with IP address 192.168.1.25.
The computer with the IP address 192.168.1.24 did not allow the name to be claimed by
this computer.

Error: (10/09/2012 09:25:39 PM) (Source: NetBT) (User: )
Description: The name "MERYL-PC :0" could not be registered on the interface with IP address 192.168.1.25.
The computer with the IP address 192.168.1.24 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (10/10/2012 01:30:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2012 01:24:01 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/09/2012 06:19:54 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Meryl\Downloads\esetsmartinstaller_enu.exe

Error: (10/09/2012 01:51:44 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Meryl\downloads\esetsmartinstaller_enu.exe

Error: (10/09/2012 01:51:44 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Meryl\downloads\esetsmartinstaller_enu.exe

Error: (10/09/2012 01:51:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Meryl\downloads\esetsmartinstaller_enu.exe

Error: (10/09/2012 01:51:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Meryl\downloads\esetsmartinstaller_enu.exe

Error: (10/09/2012 08:33:56 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/08/2012 11:20:23 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Meryl\Downloads\esetsmartinstaller_enu.exe

Error: (10/08/2012 11:20:17 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Meryl\Downloads\esetsmartinstaller_enu.exe


=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
Acer Backup Manager (Version: 3.0.0.85)
Acer Crystal Eye Webcam (Version: 1.0.1523)
Acer ePower Management (Version: 6.00.3006)
Acer eRecovery Management (Version: 5.00.3002)
Acer Games (Version: 1.0.2.4)
Acer Registration (Version: 1.03.3004)
Acer ScreenSaver (Version: 1.1.0301.2011)
Acer Updater (Version: 1.02.3005)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 9.5.2 MUI (Version: 9.5.2)
Agatha Christie - 4:50 from Paddington (Version: 2.2.0.95)
Backup Manager V3 (Version: 3.0.0.85)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Broadcom Gigabit NetLink Controller (Version: 14.6.1.2)
Build-a-lot 2 (Version: 2.2.0.95)
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Chuzzle Deluxe (Version: 2.2.0.95)
clear.fi (Version: 1.0.1422.00)
clear.fi (Version: 9.0.7418)
clear.fi Client (Version: 1.00.3008)
Coupon Printer for Windows (Version: 5.0.0.1)
CouponBar (Version: 5.0.0.5)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
eBay Worldwide (Version: 2.1.0901)
FATE - The Traitor Soul (Version: 2.2.0.95)
Final Drive: Nitro (Version: 2.2.0.95)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 22.0.1229.92)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Identity Card (Version: 1.00.3006)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2182)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Jewel Quest Heritage (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.5)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
McAfee SiteAdvisor (Version: 3.4.0.143)
McAfee SiteAdvisor (Version: 3.5.229)
Media Player Classic - Home Cinema 1.6.1.4235 (Version: 1.6.1.4235)
MediaEspresso (Version: 1.0.1418_35759)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Mystery P.I. - Stolen in San Francisco (Version: 2.2.0.95)
MyWinLocker (Version: 4.0.14.11)
MyWinLocker 4 (Version: 4.0.14.11)
MyWinLocker Suite (Version: 4.0.14.11)
Namco All-Stars: PAC-MAN (Version: 2.2.0.95)
newsXpresso (Version: 1.0.0.40)
NOOK for PC (Version: 2.5.1.237)
Norton Online Backup (Version: 2.1.17869)
NTI Media Maker 9 (Version: 9.0.2.8942)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Realtek High Definition Audio Driver (Version: 6.0.1.6314)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)
Shredder (Version: 2.0.8.7)
SUPERAntiSpyware (Version: 5.6.1010)
Synaptics Pointing Device Driver (Version: 15.1.18.0)
Times Reader (Version: 2.055)
Torchlight (Version: 2.2.0.95)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Welcome Center (Version: 1.02.3102)
WildTangent Games App (Acer Games) (Version: 4.0.5.25)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zuma's Revenge (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1782.7 MB
Available physical RAM: 759.09 MB
Total Pagefile: 3565.41 MB
Available Pagefile: 1809.09 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.54 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:281.99 GB) (Free:202.99 GB) NTFS

========================= Users: ========================================

User accounts for \\MERYL-PC

Administrator Guest Meryl


**** End of log ****







===============================================================================================================
===============================================================================================================







# AdwCleaner v2.004 - Logfile created 10/10/2012 at 14:56:36
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Meryl - MERYL-PC
# Boot Mode : Normal
# Running from : C:\Users\Meryl\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CouponAlert_2pService

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Meryl\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\CouponAlert_2p
Folder Deleted : C:\Users\Meryl\AppData\Local\CouponAlert_2p
Folder Deleted : C:\Users\Meryl\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Meryl\AppData\LocalLow\CouponAlert_2p
Folder Deleted : C:\Users\Meryl\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461137}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461137}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011461137}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Meryl\AppData\Roaming\Mozilla\Firefox\Profiles\xm4ltjlz.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Meryl\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.41] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.44] : keyword = "isearch.avg.com",
Deleted [l.47] : search_url = "hxxps://isearch.avg.com/search?cid={07E47A95-4BE8-4433-8530-43255F6DA74E}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}",

*************************

AdwCleaner[S2].txt - [18839 octets] - [10/10/2012 14:56:36]

########## EOF - C:\AdwCleaner[S2].txt - [18900 octets] ##########







==============================================================================================================
==============================================================================================================





Norman Malware Cleaner v2.05.06
Copyright © 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 6.08.06
nvcbin.def: Version: 6.08.00, Date: 2012/10/09 10:01:34, Variants: 18865362
nvcmacro.def: Version: 6.08.00, Date: 2011/12/19 04:20:35, Variants: 20465

Operating System: Windows 7 Service Pack 1 x64

Switches: /iagree /cleanrootkit /nosb

Scan started: 2012/10/10 15:03:41

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 958
Number of objects scanned: 958
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1m 14s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...
C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\sftfs.fsd: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\sftfs.fsG: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-D4AAA3E8B66D4E6634C2C58BB39FB3BD9B9A1370.bin.7E: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-D4AAA3E8B66D4E6634C2C58BB39FB3BD9B9A1370.bin.67: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-D4AAA3E8B66D4E6634C2C58BB39FB3BD9B9A1370.bin.80: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-D4AAA3E8B66D4E6634C2C58BB39FB3BD9B9A1370.bin.87: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-D4AAA3E8B66D4E6634C2C58BB39FB3BD9B9A1370.bin.VE0: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-D4AAA3E8B66D4E6634C2C58BB39FB3BD9B9A1370.bin.A0: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-D4AAA3E8B66D4E6634C2C58BB39FB3BD9B9A1370.bin.VE1: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-D4AAA3E8B66D4E6634C2C58BB39FB3BD9B9A1370.bin.VF: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-D4AAA3E8B66D4E6634C2C58BB39FB3BD9B9A1370.bin.VE2: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve.LOG1: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve.LOG2: Error opening file for read: 0x00000020
C:\Users\Meryl\AppData\Local\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Users\Meryl\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Meryl\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Error opening file for read: 0x00000020
C:\Users\Meryl\AppData\Roaming\Mozilla\Firefox\Profiles\xm4ltjlz.default\parent.lock: Error opening file for read: 0x00000020
C:\Users\Meryl\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Users\Meryl\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Meryl\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\5a99edbb88edc297c9303d6b335115cd\95c416d640595c7ca613d4a697a5d599\grouping\db.mdb: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\5a99edbb88edc297c9303d6b335115cd\95c416d640595c7ca613d4a697a5d599\grouping\tmp.edb: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\5a99edbb88edc297c9303d6b335115cd\95c416d640595c7ca613d4a697a5d599\grouping\edb.log: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\edb.log: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl: Error opening file for read: 0x00000020
C:\Windows\SysWOW64\log.txt: Error opening file for read: 0x00000020

Number of files found: 143078
Number of archives unpacked: 5187
Number of objects found: 422218
Number of objects scanned: 422151

#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:44 AM

Posted 10 October 2012 - 04:35 PM

Open an elevated command prompt then copy and paste the following one at a time hitting enter after each.

cd C:\windows\system32\drivers\etc

takeown /a /f hosts

cacls hosts /p everyone:f

Reply Y Then copy and paste the text below hitting enter after.

attrib -s -h -r hosts

Close the command prompt window.


Go here and run the fix it for the hosts file,as admin.
http://support.microsoft.com/kb/972034

After the fix it runs then reboot,the hosts file should be restored to original

Download tdss killer

http://support.kaspersky.com/downloads/utils/tdsskiller.exe



Right Click it Run as Admin . Click on Change parameters Select TDLFS file system

Hit the Scan button Post the LOG In your next reply

Do not change the default options on scan results



Run the program below as admin hit the scan button allow it to finish then hit the delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Download Rkill run it post the log.
http://www.bleepingcomputer.com/download/rkill/

Download the junkware removal tool save it to your desktop run it in safe mode post the log.
http://thisisudax.org/downloads/JRT.exe


Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe After the scan is finished then click on File>>>>>>>>>>>Save The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option. in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.

http://download.sysinternals.com/files/Autoruns.zip

#5 melogs2

melogs2
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 10 October 2012 - 11:24 PM

couldnt find a log for tdsskiller, but it found 0 threats. tried to copy and past the report but it would not let me. by the way, thank you for all your help you are very kind. here are the rest:



Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/10/2012 10:30:07 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/10/2012 10:30:18 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)




=========================================================================
=========================================================================


Junkware Removal Tool (JRT) by Thisisu
Version: 1.4.1 (10.10.2012)
OS: Windows 7 Home Premium x64
Ran by Meryl on Wed 10/10/2012 at 22:36:10.97
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] "hkey_current_user\software\sweetim"



*** Files:

Successfully deleted: [FILE] C:\Program Files (x86)\coupons\Coupons.ico
Successfully deleted: [FILE] C:\Program Files (x86)\coupons\CouponsDotCom.url
Successfully deleted: [FILE] C:\Program Files (x86)\coupons\uninstall.exe



*** Folders:

Successfully deleted: [FOLDER] "C:\Program Files (x86)\coupons"



*** FireFox detected and repaired

Removed the following from [PREFS.JS] :

user_pref("extensions.crossrider.bic", "13a19f119e85aa316a12056c70cd8f54");


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Wed 10/10/2012 at 23:00:23.98
End of Report



=================================================================
=================================================================



"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "CanonMyPrinter" "Canon My Printer" "CANON INC." "c:\program files\canon\myprinter\bjmyprt.exe"
+ "CanonSolutionMenu" "CNSLMAIN" "CANON INC." "c:\program files (x86)\canon\solutionmenu\cnslmain.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "Power Management" "ePowerTray" "Acer Incorporated" "c:\program files\acer\acer epower management\epowertray.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "ArcadeMovieService" "clear.fi Movie Resident Program" "CyberLink Corp." "c:\program files (x86)\acer\clear.fi\movie\clear.fimovieservice.exe"
+ "BackupManagerTray" "Acer Backup Manager" "NTI Corporation" "c:\program files (x86)\nti\acer backup manager\backupmanagertray.exe"
+ "EgisTecPMMUpdate" "PMM Update Application" "Egis Technology Inc." "c:\program files (x86)\egistec ips\pmmupdate.exe"
+ "EgisUpdate" "EgisUpdate Release Application" "Egis Technology Inc." "c:\program files (x86)\egistec ips\egisupdate.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "LManager" "Launch Manager" "Dritek System Inc." "c:\program files (x86)\launch manager\lmanager.exe"
+ "Norton Online Backup" "Norton Online Backup Service" "Symantec Corporation" "c:\program files (x86)\symantec\norton online backup\nobuclient.exe"
+ "ROC_ROC_NT" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe"
+ "SuiteTray" "SuiteTray" "Egis Technology Inc." "c:\program files (x86)\egistec mywinlockersuite\x86\suitetray.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "MWLIVShellExt" "Shell Dynamic Link Library" "Egis Technology Inc. " "c:\program files (x86)\egistec mywinlocker\x64\mwlivshellext.dll"
+ "ShredderContextMenu" "ShredderContextMenu" "Egis Technology Inc." "c:\program files (x86)\egistec shredder\x64\shreddercontextmenu.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MWLIVShellExt" "Shell Dynamic Link Library" "Egis Technology Inc. " "c:\program files (x86)\egistec mywinlocker\mwlivshellext.dll"
+ "ShredderContextMenu" "ShredderContextMenu" "Egis Technology Inc." "c:\program files (x86)\egistec shredder\x86\shreddercontextmenu.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Canon Easy-WebPrint EX BHO" "Easy-WebPrint EX" "CANON INC." "c:\program files (x86)\canon\easy-webprint ex\ewpexbho.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "McAfee SiteAdvisor Toolbar" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Canon Easy-WebPrint EX" "Easy-WebPrint EX" "CANON INC." "c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll"
+ "Coupons.com CouponBar" "Internet Explorer Toolbar Engine" "" "c:\program files (x86)\coupons.com couponbar\tbcore3.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
"Task Scheduler" "" "" ""
+ "\clear.fi" "clear.fi" "Acer Incorporated" "c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe"
+ "\clear.fiAgent" "clear.fi Resident Program" "CyberLink Corp." "c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe"
+ "\DMREngine" "DMREngine" "CyberLink" "c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "DsiWMIService" "Dritek WMI Service" "Dritek System Inc." "c:\program files (x86)\launch manager\dsiwmis.exe"
+ "EgisTec Ticket Service" "Egis Ticket Service" "Egis Technology Inc. " "c:\program files (x86)\common files\egistec\services\egisticketservice.exe"
+ "ePowerSvc" "Acer ePower Service" "Acer Incorporated" "c:\program files\acer\acer epower management\epowersvc.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files (x86)\wildtangent games\app\gamesappservice.exe"
+ "GREGService" "Global Registration Service" "Acer Incorporated" "c:\program files (x86)\acer\registration\gregsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "IJPLMSVC" "Collects log data from the IJ printer and manages data transmission." "" "c:\program files (x86)\canon\ijplm\ijplmsvc.exe"
+ "Live Updater Service" "Updater Service" "Acer Incorporated" "c:\program files\acer\acer updater\updaterservice.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "McAfee SiteAdvisor Service" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "NOBU" "Norton Online Backup Service" "Symantec Corporation" "c:\program files (x86)\symantec\norton online backup\nobuagent.exe"
+ "NTI IScheduleSvc" "NTI IShadow Manage backup/Sync jobs and etc..." "NTI Corporation" "c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "k57nd60a" "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57nd60a.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "mwlPSDFilter" "mwlPSDFilter Filter Driver" "Egis Technology Inc." "c:\windows\system32\drivers\mwlpsdfilter.sys"
+ "mwlPSDNServ" "mwlPSDNServ Driver" "Egis Technology Inc." "c:\windows\system32\drivers\mwlpsdnserv.sys"
+ "mwlPSDVDisk" "mwlPSDVdisk Driver" "Egis Technology Inc." "c:\windows\system32\drivers\mwlpsdvdisk.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NTIDrvr" "NTI CD-ROM Filter Driver" "NTI Corporation" "c:\windows\system32\drivers\ntidrvr.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "UBHelper" "NTI CD-ROM Filter Driver" "NTI Corporation" "c:\windows\system32\drivers\ubhelper.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm"
+ "msacm.l3codecp" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder (PCMMovie)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\acer\clear.fi\movie\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PCMMovie)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\acer\clear.fi\movie\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PCMMovie)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\acer\clear.fi\movie\audiofilter\claudspa.ax"
+ "CyberLink Audio Wizard (PCMMovie)" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\acer\clear.fi\movie\audiofilter\claudwizard.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\acer\clear.fi\movie\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder (PCMMovie)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\acer\clear.fi\movie\videofilter\clline21.ax"
+ "CyberLink TimeStretch Filter (PCMMovie)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\acer\clear.fi\movie\audiofilter\clauts.ax"
+ "CyberLink Tzan Filter (PCMMovie)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\acer\clear.fi\movie\videofilter\cltzan.ax"
+ "CyberLink Video/SP Decoder (PCMMovie)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\acer\clear.fi\movie\videofilter\clvsd.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "SlideShow" "" "" "c:\program files (x86)\nti\nti media maker 9\media maker\slideshow.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Canon BJ Language Monitor MP250 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm9w.dll"




****************************************************************************************

#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:44 AM

Posted 10 October 2012 - 11:34 PM

Uninstall
SUPERAntiSpyware (Version: 5.6.1010) (SAS is good for removing certain things but can slow a machine down)





Download Hitman Pro .
http://dl.surfright.nl/HitmanPro36.exe
Start the scan Go to setings.
Un-tick Scan for tracking Cookies.
Go back to scan Tab
Select ok
Then Next
No I only want to perform a one time scan to check this computer.
Enter your email to register.
Next.
After the scan make sure to select quarantine found threats.

Then select activate free license then follow the prompts.
Reboot your machine.

Post the log here it will be on your desktop by default.

Untick Ipv6 here are instrcutions.

Hit start
Control Panel
NetWork & Sharing Center
Manage Network Connections
Right Click Your Connection
Select Properties
Un-Check Ipv6
Select ok



Run the Fix it below this will disable the tunnel adapters on your machine.
http://go.microsoft.com/?linkid=9728872


Hit the start button and type services.msc scroll down to the dns client service right click it and select properties then change the startup type to disabled.Then stop the service.

Open an elevated command prompt then copy and paste the following one at a time hitting enter after each.

cd C:\windows\system32\drivers\etc

takeown /a /f hosts

cacls hosts /p everyone:f

Reply Y Then copy and paste the text below hitting enter after.

attrib -s -h -r hosts

Close the command prompt window.

Go here and run the fix it for the hosts file,as admin.
http://support.microsoft.com/kb/972034

After the fix it runs then reboot,the hosts file should be restored to original

After the reboot.




Ok set your dns to open dns
http://theos.in/windows-xp/free-fast-public-dns-server-list/

Here are instructions
http://www.computerhope.com/issues/ch001161.htm

After you change the dns


Open Elevated Command Prompt Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.Now type or copy and paste the commands below one at a time hitting enter after each.


netsh int ipv4 reset reset.log


nbtstat -R

nbtstat -RR

netsh winsock reset catalog




ipconfig /release

ipconfig /renew




Reboot your machine.

Post a fresh minitoolbox log along with the hitman log and tell us about your issue




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users