Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect virus


  • Please log in to reply
21 replies to this topic

#1 Firerock

Firerock

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 03 March 2013 - 09:20 PM

Mod edit. Moved to Am I Infected from XP.. ~~boopme

 

Every time i click on a web site somthing redirects me to another website. Using Googles search engine. Downloaded tdsskiller didn't work, used malwarebytes Anti- Malware, didn't work downloaded Avg anti-virus didn't work ,All where updated and scaned. Still is redirecting me to diffrent web sites. What do i do to solve this problem.

 

Regards        :unsure:


Edited by boopme, 03 March 2013 - 09:30 PM.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:27 AM

Posted 03 March 2013 - 09:21 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules  and Detect TDLFS file systemDo not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results


 



#3 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 04 March 2013 - 10:46 PM

Here are logs requested.

 

TDSSKiller log (No Threats Found)

 

aswMBR log

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-04 16:37:00
-----------------------------
16:37:00.000    OS Version: Windows 5.1.2600 Service Pack 3
16:37:00.000    Number of processors: 1 586 0x209
16:37:00.000    ComputerName: ARTHURS  UserName: Arthur
16:37:00.953    Initialize success
17:08:26.171    AVAST engine defs: 13030402
17:09:04.265    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:09:04.265    Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
17:09:04.281    Disk 0 MBR read successfully
17:09:04.281    Disk 0 MBR scan
17:09:04.312    Disk 0 Windows XP default MBR code
17:09:04.328    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       131069 MB offset 63
17:09:04.343    Disk 0 scanning sectors +268430085
17:09:04.484    Disk 0 scanning C:\WINDOWS\system32\drivers
17:09:28.250    Service scanning
17:09:53.109    Modules scanning
17:10:04.468    Disk 0 trace - called modules:
17:10:04.484    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:10:04.484    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ba1ab8]
17:10:04.984    3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89bced98]
17:10:05.468    AVAST engine scan C:\WINDOWS
17:10:10.328    AVAST engine scan C:\WINDOWS\system32
17:14:54.109    AVAST engine scan C:\WINDOWS\system32\drivers
17:15:22.640    AVAST engine scan C:\Documents and Settings\Arthur
17:19:34.546    AVAST engine scan C:\Documents and Settings\All Users
17:22:14.312    Scan finished successfully
17:24:08.718    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Arthur\Desktop\MBR.dat"
17:24:08.718    The log file has been saved successfully to "C:\Documents and Settings\Arthur\Desktop\aswMBR.txt"

 

ESET results

 

 

C:\Documents and Settings\Arthur\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11\4f6250b-56c1a64c            a variant of Java/Mocup.B trojan          deleted - quarantined


 

C:\Documents and Settings\Arthur\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\25\4c736d9-674359b6            a variant of Java/Mocup.B trojan          deleted - quarantined


 

C:\Documents and Settings\Arthur\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\26\2a75661a-16e2885b        a variant of Java/Mocup.B trojan          deleted - quarantined


 

C:\Documents and Settings\Arthur\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\47\5737dd2f-19e6ed74         a variant of Java/Mocup.B trojan          deleted - quarantined


 

C:\Documents and Settings\Arthur\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\8\ba10a08-50d5b115            a variant of Java/Mocup.B trojan          deleted - quarantined


 

C:\Documents and Settings\Arthur\My Documents\Downloads\PDFXVwer.exe            multiple threats  cleaned by deleting - quarantined


 

C:\Documents and Settings\Arthur\My Documents\Downloads\PDFXVwer.zip a variant of Win32/Bundled.Toolbar.Ask application        deleted - quarantined


 

Operating memory        probably a variant of Win32/Ponmocup.AA trojan       

 

 

Didn't Deleat Quarentine files ?

 

Regards
 


 



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:27 AM

Posted 04 March 2013 - 11:01 PM

Delete them

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tooll by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#5 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 05 March 2013 - 12:12 PM

Malwarebytes was on my cpu already ver 1.70, did not remame before scan  Mcafee was uninstaled but still give me pop ups. Hijacker still there. AVG was disabled for about 10 min each time scan was done.

 

Here are the logs:

 

Malwarebytes log

 

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org


 

Database version: v2012.11.28.07


 

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Arthur :: ARTHURS [administrator]


 

11/28/2012 9:45:21 AM
mbam-log-2012-11-28 (09-45-21).txt


 

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193498
Time elapsed: 5 minute(s), 34 second(s)


 

Memory Processes Detected: 0
(No malicious items detected)


 

Memory Modules Detected: 0
(No malicious items detected)


 

Registry Keys Detected: 0
(No malicious items detected)


 

Registry Values Detected: 0
(No malicious items detected)


 

Registry Data Items Detected: 0
(No malicious items detected)


 

Folders Detected: 0
(No malicious items detected)


 

Files Detected: 0
(No malicious items detected)


 

(end)

 

 

Minitoobox log

 

MiniToolBox by Farbar  Version:01-03-2013
Ran by Arthur (administrator) on 04-03-2013 at 23:20:37
Running from "C:\Documents and Settings\Arthur\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************


 

========================= Flush DNS: ===================================


 


Windows IP Configuration


 

 


 

Successfully flushed the DNS Resolver Cache.


 


========================= IE Proxy Settings: ==============================


 

Proxy is not enabled.
No Proxy Server is set.


 

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost


 

========================= IP Configuration: ================================


 

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


 


# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip


 


# Interface IP Configuration for "Local Area Connection"


 

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


 


popd
# End of interface IP configuration


 

 


 


Windows IP Configuration


 

 


 

        Host Name . . . . . . . . . . . . : Arthurs


 

        Primary Dns Suffix  . . . . . . . :


 

        Node Type . . . . . . . . . . . . : Unknown


 

        IP Routing Enabled. . . . . . . . : No


 

        WINS Proxy Enabled. . . . . . . . : No


 

 


 

Ethernet adapter Local Area Connection:


 

 


 

        Connection-specific DNS Suffix  . :


 

        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection


 

        Physical Address. . . . . . . . . : 00-07-E9-6B-09-CB


 

        Dhcp Enabled. . . . . . . . . . . : Yes


 

        Autoconfiguration Enabled . . . . : Yes


 

        IP Address. . . . . . . . . . . . : 192.168.1.100


 

        Subnet Mask . . . . . . . . . . . : 255.255.255.0


 

        Default Gateway . . . . . . . . . : 192.168.1.1


 

        DHCP Server . . . . . . . . . . . : 192.168.1.1


 

        DNS Servers . . . . . . . . . . . : 68.116.46.115


 

                                            24.205.192.61


 

        Lease Obtained. . . . . . . . . . : Monday, March 04, 2013 7:28:04 PM


 

        Lease Expires . . . . . . . . . . : Tuesday, March 05, 2013 7:28:04 PM


 

Server:  vip01mdfdor.mdfd.or.charter.com
Address:  68.116.46.115


 

Name:    google.com
Addresses:  74.125.224.130, 74.125.224.132, 74.125.224.133, 74.125.224.137
   74.125.224.136, 74.125.224.131, 74.125.224.135, 74.125.224.129, 74.125.224.128
   74.125.224.142, 74.125.224.134


 

 


 

Pinging google.com [74.125.224.69] with 32 bytes of data:


 

 


 

Reply from 74.125.224.69: bytes=32 time=80ms TTL=54


 

Reply from 74.125.224.69: bytes=32 time=84ms TTL=54


 

 


 

Ping statistics for 74.125.224.69:


 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),


 

Approximate round trip times in milli-seconds:


 

    Minimum = 80ms, Maximum = 84ms, Average = 82ms


 

Server:  vip01mdfdor.mdfd.or.charter.com
Address:  68.116.46.115


 

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109


 

 


 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:


 

 


 

Reply from 98.139.183.24: bytes=32 time=510ms TTL=43


 

Request timed out.


 

 


 

Ping statistics for 98.139.183.24:


 

    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),


 

Approximate round trip times in milli-seconds:


 

    Minimum = 510ms, Maximum = 510ms, Average = 510ms


 

 


 

Pinging 127.0.0.1 with 32 bytes of data:


 

 


 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64


 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64


 

 


 

Ping statistics for 127.0.0.1:


 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),


 

Approximate round trip times in milli-seconds:


 

    Minimum = 0ms, Maximum = 0ms, Average = 0ms


 

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 6b 09 cb ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100   20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100   20
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1   20
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100   20
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100   20
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100   1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================


 

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"


 

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"


 

Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 mswsock.dll [File not found] ()
Catalog9 07 mswsock.dll [File not found] ()
Catalog9 08 mswsock.dll [File not found] ()
Catalog9 09 mswsock.dll [File not found] ()
Catalog9 10 mswsock.dll [File not found] ()
Catalog9 11 mswsock.dll [File not found] ()
Catalog9 12 mswsock.dll [File not found] ()
Catalog9 13 mswsock.dll [File not found] ()
Catalog9 14 mswsock.dll [File not found] ()
Catalog9 15 mswsock.dll [File not found] ()
Catalog9 16 mswsock.dll [File not found] ()
Catalog9 17 mswsock.dll [File not found] ()


 

========================= Event log errors: ===============================


 

Application errors:
==================
Error: (03/03/2013 00:21:34 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


 

Error: (03/03/2013 00:04:26 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x8004ff2acommon client setup outcomesetresultdatapoints0security essentialsNILNILNIL


 

Error: (03/03/2013 00:03:58 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x8004ff2amorrobootstraper__cinstallflow__internalrun - getserviceconfigurationactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL


 

Error: (03/03/2013 00:01:54 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


 

Error: (03/01/2013 08:55:34 PM) (Source: Microsoft Office 10) (User: )
Description: Rejected Safe Mode action : Microsoft Word.


 

Error: (03/01/2013 07:45:43 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


 

Error: (02/28/2013 10:55:10 AM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 2/28/2013 6:55:10 PM
Message: The activation has been paused and it's been delayed until the application is closed.
Severity: Error
Process Id: 1344
Win32 Thread Id: 3688


 

Extended Properties:
Exception - Microsoft.ApplicationBlocks.Updater.Activator.ActivationPausedException: The activation has been paused and it's been delayed until the application is closed.
   at Microsoft.ApplicationBlocks.Updater.ActivationProcessors.WaitForApplicationExitProcessor.PrepareExecution()
   at Microsoft.ApplicationBlocks.Updater.Activator.ActivationManager.Activate(UpdaterTask task)


 

Error: (01/28/2013 01:48:01 PM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 1/28/2013 9:48:01 PM
Message: Error running update script
Severity: Error
Process Id: 2836
Win32 Thread Id: 3940


 

Extended Properties:
Exception - The foreign key constraint does not exist. [ FKC2R27PDF76612708 ]


 

Error: (01/09/2013 03:40:37 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


 

Error: (12/16/2012 06:02:05 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.1.522.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


 


System errors:
=============
Error: (03/04/2013 07:29:24 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).


 

Error: (03/04/2013 07:29:24 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


 

Error: (03/04/2013 07:29:24 PM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%2


 

Error: (03/04/2013 07:29:23 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


 

Error: (03/04/2013 07:29:09 PM) (Source: DCOM) (User: ARTHURS)
Description: The server {692E988D-1057-4C57-8078-26CF7AE54263} did not register with DCOM within the required timeout.


 

Error: (03/04/2013 05:17:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {692E988D-1057-4C57-8078-26CF7AE54263} did not register with DCOM within the required timeout.


 

Error: (03/04/2013 04:18:21 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 0007E96B09CB has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).


 

Error: (03/04/2013 04:17:54 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


 

Error: (03/04/2013 04:17:54 PM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%2


 

Error: (03/04/2013 04:17:54 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


 


Microsoft Office Sessions:
=========================
Error: (03/03/2013 00:21:34 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL


 

Error: (03/03/2013 00:04:26 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.2.223.00x8004ff2acommon client setup outcomesetresultdatapoints0security essentialsNILNILNIL


 

Error: (03/03/2013 00:03:58 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.2.223.00x8004ff2amorrobootstraper__cinstallflow__internalrun - getserviceconfigurationactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL


 

Error: (03/03/2013 00:01:54 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL


 

Error: (03/01/2013 08:55:34 PM) (Source: Microsoft Office 10)(User: )
Description: Microsoft Word


 

Error: (03/01/2013 07:45:43 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved


 

Error: (02/28/2013 10:55:10 AM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 2/28/2013 6:55:10 PM
Message: The activation has been paused and it's been delayed until the application is closed.
Severity: Error
Process Id: 1344
Win32 Thread Id: 3688


 

Extended Properties:
Exception - Microsoft.ApplicationBlocks.Updater.Activator.ActivationPausedException: The activation has been paused and it's been delayed until the application is closed.
   at Microsoft.ApplicationBlocks.Updater.ActivationProcessors.WaitForApplicationExitProcessor.PrepareExecution()
   at Microsoft.ApplicationBlocks.Updater.Activator.ActivationManager.Activate(UpdaterTask task)


 

Error: (01/28/2013 01:48:01 PM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 1/28/2013 9:48:01 PM
Message: Error running update script
Severity: Error
Process Id: 2836
Win32 Thread Id: 3940


 

Extended Properties:
Exception - The foreign key constraint does not exist. [ FKC2R27PDF76612708 ]


 

Error: (01/09/2013 03:40:37 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


 

Error: (12/16/2012 06:02:05 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.1.522.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL


 


=========================== Installed Programs ============================


 

103
7-Zip 9.22beta
ABBYY FineReader 6.0 Sprint (Version: 6.00.1784.41616)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.171)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader 8.3.1 (Version: 8.3.1)
Advanced SystemCare 6 (Version: 6.1)
ArcSoft Panorama Maker 4
AVG 2013 (Version: 13.0.2641)
AVG 2013 (Version: 13.0.2899)
AVG 2013 (Version: 2013.0.2899)
BACS (Version: 3.36.0000)
Broadcom Advanced Control Suite (Version: 3.36.0000)
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
CCleaner (Version: 3.28)
CDBurnerXP (Version: 4.5.0.3717)
Click-N-Ship for Business® (Version: 4.1.167.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Defraggler (Version: 2.13)
Dell Driver Download Manager (Version: 3.0.0.0)
Dell ResourceCD
Dell System Detect (Version: 3.3.2.0)
ESET Online Scanner v3
File Uploader (Version: 1.2.5)
Google Talk Plugin (Version: 3.14.17.11865)
HSP56 Modem Drivers
ieSpell (Version: 2.5.1 (build 106))
Intel® PRO Network Adapters and Drivers
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
K-Lite Mega Codec Pack 8.8.5 (Version: 8.8.5)
Lexmark 5400 Series
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Small Business (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MPC-HC 1.6.5.6366 (Version: 1.6.5.6366)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
NETGEAR WNA1100 wireless USB 2.0 adapter (Version: 1.0.0.133)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.3)
NVIDIA Drivers
P2PFilter 3.0.5 (Version: 3.0.5)
PDF-Viewer (Version: 2.0.54.0)
PDF-Viewer (Version: 2.5.201.0)
PPStream V2.7.0.1266 Final (Version: 2.7.0.1266)
Readon TV Movie Radio Player 7.6.0.0 (Version: 7.6.0)
Revo Uninstaller 1.94 (Version: 1.94)
SoundMAX
Speccy (Version: 1.20)
System Requirements Lab
Turbo Lister 2 (Version: 2.00.0000)
TVUPlayer 2.5.3.1 (Version: 2.5.3.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
WebFldrs XP (Version: 9.50.6513)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0


 


========================= Devices: ================================


 


========================= Memory info: ===================================


 

Percentage of memory in use: 35%
Total physical RAM: 2046.98 MB
Available physical RAM: 1311.52 MB
Total Pagefile: 2663.55 MB
Available Pagefile: 2010.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.02 MB


 

========================= Partitions: =====================================


 

2 Drive c: (DRV1_VOL1) (Fixed) (Total:128 GB) (Free:112.29 GB) NTFS


 

========================= Users: ========================================


 

User accounts for \\ARTHURS


 

Administrator            Arthur                   Guest                   
HelpAssistant            SUPPORT_388945a0        


 


**** End of log ****

 

 

Farbar's Service Scanner log

 

 

 

Farbar Service Scanner Version: 03-03-2013
Ran by Arthur (administrator) on 04-03-2013 at 23:23:47
Running from "C:\Documents and Settings\Arthur\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************


 

Internet Services:
============


 

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


 


Windows Firewall:
=============


 

Firewall Disabled Policy:
==================


 


System Restore:
============


 

System Restore Disabled Policy:
========================


 


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


 


Windows Update:
============


 

Windows Autoupdate Disabled Policy:
============================


 


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2009-01-08 17:25] - [2008-04-13 16:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A


 

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2002-09-03 08:59] - [2009-02-06 03:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


 


Extra List:
=======
Avgtdix(12) Gpc(3) IPSec(5) JSWSCIMD(11) NetBT(6) PSched(7) Tcpip(4) WSIMD(10)
0x0D00000005000000010000000200000003000000040000000900000008000000070000000A0000000B0000000D0000000C00000006000000
IpSec Tag value is correct.


 

**** End of log ****

 

 

AdwCleaner log

 

# AdwCleaner v2.114 - Logfile created 03/04/2013 at 23:26:10
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Arthur - ARTHURS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Arthur\Desktop\AdwCleaner.exe
# Option [Delete]


 


***** [Services] *****


 


***** [Files / Folders] *****


 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\Arthur\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Arthur\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Arthur\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Program Files\Conduit


 

***** [Registry] *****


 

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]


 

***** [Internet Browsers] *****


 

-\\ Internet Explorer v8.0.6001.18702


 

[OK] Registry is clean.


 

*************************


 

AdwCleaner[S1].txt - [2088 octets] - [04/03/2013 23:26:10]


 

########## EOF - C:\AdwCleaner[S1].txt - [2148 octets] ##########

 

 

Junkweare Remove tool log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Microsoft Windows XP x86
Ran by Arthur on Mon 03/04/2013 at 23:41:52.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 

 


 


~~~ Services


 

 


 

~~~ Registry Values


 

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL


 

 


 

~~~ Registry Keys


 

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}


 

 


 

~~~ Files


 

 


 

~~~ Folders


 

 


 

 


 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/04/2013 at 23:55:34.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Rkill log

 

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html


 

Program started at: 03/05/2013 12:04:40 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3


 

Checking for Windows services to stop:


 

 * No malware services found to stop.


 

Checking for processes to terminate:


 

 * C:\WINDOWS\system32\acs.exe (PID: 244) [WD-HEUR]
 * C:\WINDOWS\system32\pctspk.exe (PID: 792) [WD-HEUR]


 

2 proccesses terminated!


 

Checking Registry for malware related settings:


 

 * No issues found in the Registry.


 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.


 

Performing miscellaneous checks:


 

 * No issues found.


 

Checking Windows Service Integrity:


 

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled


 

 * AppMgmt [Missing ServiceDLL Value]
 * HidServ [Missing ServiceDLL Value]


 

Searching for Missing Digital Signatures:


 

 * No issues found.


 

Checking HOSTS File:


 

 * HOSTS file entries found:


 

  127.0.0.1 localhost


 

Program finished at: 03/05/2013 12:05:32 AM
Execution time: 0 hours(s), 0 minute(s), and 52 seconds(s)

 

Autoruns log

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AVG_UI" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgui.exe"
+ "LXCTCATS" "Lexmark Connect Timer DLL" "Lexmark International Inc." "c:\windows\system32\spool\drivers\w32x86\3\lxcttime.dll"
+ "MCAgentExe" "McAfee SecurityCenter Agent" "McAfee, Inc" "c:\program files\mcafee.com\agent\mcagent.exe"
+ "MCUpdateExe" "McAfee SecurityCenter Update Engine" "McAfee, Inc" "c:\program files\mcafee.com\agent\mcupdate.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 110.60 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "OASClnt" "McAfee VirusScan OAS Client" "McAfee, Inc." "c:\program files\mcafee.com\vso\oasclnt.exe"
+ "PCTVOICE" "pctvoice MFC Application" "" "c:\windows\system32\pctspk.exe"
+ "VirusScan Online" "McAfee VirusScan ActiveShield Resource" "McAfee, Inc." "c:\program files\mcafee.com\vso\mcvsshld.exe"
+ "VSOCheckTask" "McAfee VirusScan Command Handler" "McAfee, Inc." "c:\program files\mcafee.com\vso\mcmnhdlr.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\arthur\local settings\application data\google\update\googleupdate.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
+ "1" "" "" "File not found: http://www.ezdropship.com/"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Advanced SystemCare" "ASCExtMenu Module" "" "c:\program files\iobit\advanced systemcare 6\ascextmenu.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgse.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "VSCContextMenu Class" "McAfee VirusScan Shell Extension Module" "McAfee, Inc." "c:\program files\mcafee.com\vso\mcvsshl.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "InfoPage" "PDF-XChange Shell Extention" "Tracker Software Products (Canada) Ltd." "c:\program files\tracker software\shell extensions\xcshinfo.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Advanced SystemCare" "ASCExtMenu Module" "" "c:\program files\iobit\advanced systemcare 6\ascextmenu.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 110.60 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "PXCInfoShlExt Class" "PDF-XChange Shell Extention" "Tracker Software Products (Canada) Ltd." "c:\program files\tracker software\shell extensions\xcshinfo.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "VSCContextMenu Class" "McAfee VirusScan Shell Extension Module" "McAfee, Inc." "c:\program files\mcafee.com\vso\mcvsshl.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "McAfee VirusScan" "McAfee VirusScan Shell Extension Module" "McAfee, Inc." "c:\program files\mcafee.com\vso\mcvsshl.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "ieSpell" "" "" "File not found: C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM"
+ "ieSpell Options" "" "" "File not found: C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "ASC4_PerformanceMonitor.job" "" "" "File not found: C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe"
+ "ASC6_PerformanceMonitor.job" "Advanced SystemCare 6 Monitor" "IObit" "c:\program files\iobit\advanced systemcare 6\monitor.exe"
+ "GoogleUpdateTaskUserS-1-5-21-1060284298-261478967-682003330-1005Core.job" "Google Installer" "Google Inc." "c:\documents and settings\arthur\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-1060284298-261478967-682003330-1005UA.job" "Google Installer" "Google Inc." "c:\documents and settings\arthur\local settings\application data\google\update\googleupdate.exe"
+ "Npivtxmnzx.job" "" "" "c:\windows\system32\ssmyst1.dll"
+ "RealUpgradeLogonTaskS-1-5-21-1060284298-261478967-682003330-1005.job" "" "" "File not found: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck"
+ "RealUpgradeScheduledTaskS-1-5-21-1060284298-261478967-682003330-1005.job" "" "" "File not found: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACS" "Gives access to single sign on and a mechanism to communicate with the supplicant for security negotiation." "Atheros" "c:\windows\system32\acs.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AdvancedSystemCareService6" "Advanced SystemCare Service" "IObit" "c:\program files\iobit\advanced systemcare 6\ascservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgwdsvc.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jqs.exe"
+ "jswpsapi" "Provides support for JumpStart using Wi-Fi Protected Setup." "Atheros Communications, Inc." "c:\program files\netgear\wna1100\jswpsapi.exe"
+ "lxct_device" "Printer Communication System" " " "c:\windows\system32\lxctcoms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "McDetect.exe" "McAfee WSC Integration Service" "McAfee, Inc" "c:\program files\mcafee.com\agent\mcdetect.exe"
+ "McShield" "On-Access Scanner service" "McAfee Inc." "c:\program files\mcafee.com\vso\mcshield.exe"
+ "McTskshd.exe" "McAfee Task Scheduler" "McAfee, Inc" "c:\program files\mcafee.com\agent\mctskshd.exe"
+ "mcupdmgr.exe" "McAfee SecurityCenter Update Manager" "McAfee, Inc" "c:\program files\mcafee.com\agent\mcupdmgr.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "WSWNA1100" "Wifi Service" "" "c:\program files\netgear\wna1100\wifisvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aeaudio" "Andrea Audio Stub Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys"
+ "AR9271" "Driver for Atheros Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\athuw.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avglogx" "AVG Logging Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avglogx.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "E100B" "Intel® PRO/100 Adapter NDIS 5.1 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "esgiguard" "" "" "File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "JSWSCIMD" "Wireless Intermediate Miniport Driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\jswscimd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mbamchameleon" "" "" "c:\windows\system32\drivers\mbamchameleon.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "NaiAvFilter1" "Anti-Virus File System Filter Driver" "McAfee Inc." "c:\windows\system32\drivers\naiavf5x.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 93.71 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "OMCI" "OMCI Device Driver" "Dell Computer Corporation" "c:\windows\system32\drivers\omci.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Ptserial" "HSP Modem Serial Device Driver" "PCTEL, INC." "c:\windows\system32\drivers\ptserial.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "ssfs0bbc" "Spy Sweeper File System Filter Driver" "Webroot Software, Inc. (www.webroot.com)" "c:\windows\system32\drivers\ssfs0bbc.sys"
+ "sshrmd" "Spy Sweeper Hookrack MiniDriver" "Webroot Software, Inc. (www.webroot.com)" "c:\windows\system32\drivers\sshrmd.sys"
+ "ssidrv" "Spy Sweeper Interdiction Driver" "Webroot Software, Inc. (www.webroot.com)" "c:\windows\system32\drivers\ssidrv.sys"
+ "StarOpen" "" "" "c:\windows\system32\drivers\staropen.sys"
+ "Vmodem" "HSP Modem Modem Device Driver" "PCTEL, INC." "c:\windows\system32\drivers\vmodem.sys"
+ "Vpctcom" "HSP Modem Virtual Control Device" "PCtel, Inc." "c:\windows\system32\drivers\vpctcom.sys"
+ "Vvoice" "HSP Modem device driver" "PCtel, Inc." "c:\windows\system32\drivers\vvoice.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WSIMD" "Wireless Intermediate Miniport Driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\wsimd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3acm" "AC-3 ACM Codec" "fccHandler" "c:\windows\system32\ac3acm.acm"
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecp.acm"
+ "msacm.lameacm" "Lame MP3 codec engine" "http://www.mp3dev.org/" "c:\windows\system32\lameacm.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.FFDS" "ffdshow VFW" "" "c:\windows\system32\ff_vfw.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "VIDC.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "VIDC.YV12" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3File" "" "" "c:\program files\k-lite codec pack\filters\ac3file.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files\k-lite codec pack\filters\dcbasssource.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "File Source (Monkey Audio)" "" "" "c:\program files\k-lite codec pack\filters\monkeysource.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "LAV Audio Decoder" "LAV Audio Decoder - DirectShow Audio Decoder" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavaudio.ax"
+ "LAV Splitter" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Splitter Source" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Video Decoder" "LAV Video Decoder - DirectShow Video Decoder" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavvideo.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madVR" "madshi's D3D9 based video renderer" "madshi.net" "c:\program files\k-lite codec pack\filters\madvr\madvr.ax"
+ "MainConcept (Nikon) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MainConcept (Nikon) MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikonesmpeg.ax"
+ "MainConcept (Nikon) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MpegVideo Filter" "MpegVideo Module" "DScaler Team" "c:\program files\k-lite codec pack\filters\mpegvideo.dll"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee WAV Encoder" "mvWavEncoder Filter (Sample)" "Microsoft Corporation" "c:\program files\common files\muvee technologies\030625\mvwavenc.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "RadLight OptimFROG DirectShow Filter" "RLOFRDec" "RadLight" "c:\program files\k-lite codec pack\filters\rlofrdec.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SopCast ASF Splitter" "P2P Filter" "" "c:\program files\p2pfilter\p2pfilter.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgrsx.exe"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "5400 Series Port" "Printer Communication System" " " "c:\windows\system32\lxctlmpm.dll"
+ "Canon BJ Language Monitor MP280 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlmaa.dll"
+ "Fax Lexmark 5400 Series Port" "Print Monitor (Win2k/WinXP)" "" "c:\windows\system32\lxctpmon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "ACS" "Atheros Wireless LAN" "Atheros" "c:\windows\system32\athgina.dll"

 

Regards
 



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:27 AM

Posted 05 March 2013 - 12:28 PM

You missed adware cleaner and junkware log



#7 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 05 March 2013 - 07:33 PM

Opened adwere cleaner pressed delete button only not search button.

 

# AdwCleaner v2.114 - Logfile created 03/05/2013 at 16:02:42
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Arthur - ARTHURS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Arthur\Desktop\AdwCleaner.exe
# Option [Delete]


 


***** [Services] *****


 


***** [Files / Folders] *****


 


***** [Registry] *****


 


***** [Internet Browsers] *****


 

-\\ Internet Explorer v8.0.6001.18702


 

[OK] Registry is clean.


 

*************************


 

AdwCleaner[R1].txt - [718 octets] - [05/03/2013 16:00:00]
AdwCleaner[S1].txt - [2217 octets] - [04/03/2013 23:26:10]
AdwCleaner[S2].txt - [334 octets] - [05/03/2013 16:01:17]
AdwCleaner[S3].txt - [709 octets] - [05/03/2013 16:02:42]


 

########## EOF - C:\AdwCleaner[S3].txt - [768 octets] ##########

 

junkware  log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Microsoft Windows XP x86
Ran by Arthur on Tue 03/05/2013 at 16:09:51.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 

 


 


~~~ Services


 

 


 

~~~ Registry Values


 

 


 

~~~ Registry Keys


 

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}


 

 


 

~~~ Files


 

 


 

~~~ Folders


 

 


 

 


 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/05/2013 at 16:26:14.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:27 AM

Posted 05 March 2013 - 10:57 PM

Press Windows+R key and type

 

cmd and click ok and run these commands

 

cd c:\windows\system32

cacls ssmyst1.dll /p everyone:f

attrib -s -h -r ssmyst1.dll

del ssmyst1.dll

 

Restart the PC ,press windows+R key and type

 

tasks and click ok

 

Delete Npivtxmnzx.job file.Browse for a while and let me know if you still have redirects


Edited by narenxp, 05 March 2013 - 10:59 PM.


#9 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 06 March 2013 - 12:14 AM

I need to know how exactly to type in the command prompt (one or all) of the commands you requested, spaces etc?  then what to do?. I tryed to do this but the seconded click it redirected me again. after rebooting, typing in tasks and deleting the Npivtxmnzx.job file. I did something wrong? I need step by step instructions, the Npivtxmnzx.job file was restored from the recycle bin.You say run these commands how?

 

cd c:\windows\system32


 

cacls ssmyst1.dll /p everyone:f


 

attrib -s -h -r ssmyst1.dll


 

del ssmyst1.dll


Edited by Firerock, 06 March 2013 - 02:19 AM.


#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:27 AM

Posted 06 March 2013 - 03:36 AM

Sorry,copy the commands one by one and paste it in command window and press ENTER

 

Please run Autoruns again after all steps have been completed


Edited by narenxp, 06 March 2013 - 03:36 AM.


#11 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 06 March 2013 - 11:54 PM

Copy and pasted the commands, then pressed enter. Nothing happened in the command window, this is what it read

 

cd c:\windows\system32 (this one was ok

 

 

cacls ssmyst1.dll /p everyone:f ( This asked are you sure (Y/N)


 

attrib -s -h -r ssmyst1.dll ( This one read Access denided )


 

del ssmyst1.dll ( This one read Could not find)

 

Leaving everything as it was command prompt window open, i restarted my cpu.

 

Then typed tasks opened autoruns and removed ( Npivtxmnzx.job file )

 

Proceeded to open INTERNET browsing, click on approx 15 web sites. No redirects. with Npivtxmnzx.job file  in the recycle bin do i leave it? will my cpu boot up ok that file appears to be run at start up?


 



#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:27 AM

Posted 06 March 2013 - 11:56 PM

Delete Npivtxmnzx.job from recyclebin

 

Restart the PC and run the commands again.This time you will not receive access denied errors.Please run autoruns and post the new log



#13 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 07 March 2013 - 01:48 AM

Deleted Npivtxmnzx.job file from recycle bin. could not anser y/n and access denied still there after attrib -s -h -r ssmyst1.dll restarted cpu and ran autoruns.

 

 

Autoruns Log

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AVG_UI" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgui.exe"
+ "LXCTCATS" "Lexmark Connect Timer DLL" "Lexmark International Inc." "c:\windows\system32\spool\drivers\w32x86\3\lxcttime.dll"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 110.60 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "PCTVOICE" "pctvoice MFC Application" "" "c:\windows\system32\pctspk.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\arthur\local settings\application data\google\update\googleupdate.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
+ "1" "" "" "File not found: http://www.ezdropship.com/"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Advanced SystemCare" "ASCExtMenu Module" "" "c:\program files\iobit\advanced systemcare 6\ascextmenu.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgse.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "InfoPage" "PDF-XChange Shell Extention" "Tracker Software Products (Canada) Ltd." "c:\program files\tracker software\shell extensions\xcshinfo.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Advanced SystemCare" "ASCExtMenu Module" "" "c:\program files\iobit\advanced systemcare 6\ascextmenu.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 110.60 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "PXCInfoShlExt Class" "PDF-XChange Shell Extention" "Tracker Software Products (Canada) Ltd." "c:\program files\tracker software\shell extensions\xcshinfo.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "ieSpell" "" "" "File not found: C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM"
+ "ieSpell Options" "" "" "File not found: C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "ASC4_PerformanceMonitor.job" "" "" "File not found: C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe"
+ "ASC6_PerformanceMonitor.job" "Advanced SystemCare 6 Monitor" "IObit" "c:\program files\iobit\advanced systemcare 6\monitor.exe"
+ "GoogleUpdateTaskUserS-1-5-21-1060284298-261478967-682003330-1005Core.job" "Google Installer" "Google Inc." "c:\documents and settings\arthur\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-1060284298-261478967-682003330-1005UA.job" "Google Installer" "Google Inc." "c:\documents and settings\arthur\local settings\application data\google\update\googleupdate.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "MpIdleTask.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "RealUpgradeLogonTaskS-1-5-21-1060284298-261478967-682003330-1005.job" "" "" "File not found: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck"
+ "RealUpgradeScheduledTaskS-1-5-21-1060284298-261478967-682003330-1005.job" "" "" "File not found: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACS" "Gives access to single sign on and a mechanism to communicate with the supplicant for security negotiation." "Atheros" "c:\windows\system32\acs.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AdvancedSystemCareService6" "Advanced SystemCare Service" "IObit" "c:\program files\iobit\advanced systemcare 6\ascservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgwdsvc.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jqs.exe"
+ "jswpsapi" "Provides support for JumpStart using Wi-Fi Protected Setup." "Atheros Communications, Inc." "c:\program files\netgear\wna1100\jswpsapi.exe"
+ "lxct_device" "Printer Communication System" " " "c:\windows\system32\lxctcoms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "WSWNA1100" "Wifi Service" "" "c:\program files\netgear\wna1100\wifisvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aeaudio" "Andrea Audio Stub Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys"
+ "AR9271" "Driver for Atheros Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\athuw.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avglogx" "AVG Logging Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avglogx.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "E100B" "Intel® PRO/100 Adapter NDIS 5.1 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "esgiguard" "" "" "File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "JSWSCIMD" "Wireless Intermediate Miniport Driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\jswscimd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 93.71 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "OMCI" "OMCI Device Driver" "Dell Computer Corporation" "c:\windows\system32\drivers\omci.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Ptserial" "HSP Modem Serial Device Driver" "PCTEL, INC." "c:\windows\system32\drivers\ptserial.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "ssfs0bbc" "Spy Sweeper File System Filter Driver" "Webroot Software, Inc. (www.webroot.com)" "c:\windows\system32\drivers\ssfs0bbc.sys"
+ "sshrmd" "Spy Sweeper Hookrack MiniDriver" "Webroot Software, Inc. (www.webroot.com)" "c:\windows\system32\drivers\sshrmd.sys"
+ "ssidrv" "Spy Sweeper Interdiction Driver" "Webroot Software, Inc. (www.webroot.com)" "c:\windows\system32\drivers\ssidrv.sys"
+ "StarOpen" "" "" "c:\windows\system32\drivers\staropen.sys"
+ "Vmodem" "HSP Modem Modem Device Driver" "PCTEL, INC." "c:\windows\system32\drivers\vmodem.sys"
+ "Vpctcom" "HSP Modem Virtual Control Device" "PCtel, Inc." "c:\windows\system32\drivers\vpctcom.sys"
+ "Vvoice" "HSP Modem device driver" "PCtel, Inc." "c:\windows\system32\drivers\vvoice.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WSIMD" "Wireless Intermediate Miniport Driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\wsimd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3acm" "AC-3 ACM Codec" "fccHandler" "c:\windows\system32\ac3acm.acm"
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecp.acm"
+ "msacm.lameacm" "Lame MP3 codec engine" "http://www.mp3dev.org/" "c:\windows\system32\lameacm.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.FFDS" "ffdshow VFW" "" "c:\windows\system32\ff_vfw.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "VIDC.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "VIDC.YV12" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3File" "" "" "c:\program files\k-lite codec pack\filters\ac3file.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files\k-lite codec pack\filters\dcbasssource.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "File Source (Monkey Audio)" "" "" "c:\program files\k-lite codec pack\filters\monkeysource.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "LAV Audio Decoder" "LAV Audio Decoder - DirectShow Audio Decoder" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavaudio.ax"
+ "LAV Splitter" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Splitter Source" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Video Decoder" "LAV Video Decoder - DirectShow Video Decoder" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavvideo.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madVR" "madshi's D3D9 based video renderer" "madshi.net" "c:\program files\k-lite codec pack\filters\madvr\madvr.ax"
+ "MainConcept (Nikon) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MainConcept (Nikon) MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikonesmpeg.ax"
+ "MainConcept (Nikon) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MpegVideo Filter" "MpegVideo Module" "DScaler Team" "c:\program files\k-lite codec pack\filters\mpegvideo.dll"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee WAV Encoder" "mvWavEncoder Filter (Sample)" "Microsoft Corporation" "c:\program files\common files\muvee technologies\030625\mvwavenc.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "RadLight OptimFROG DirectShow Filter" "RLOFRDec" "RadLight" "c:\program files\k-lite codec pack\filters\rlofrdec.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SopCast ASF Splitter" "P2P Filter" "" "c:\program files\p2pfilter\p2pfilter.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgrsx.exe"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "5400 Series Port" "Printer Communication System" " " "c:\windows\system32\lxctlmpm.dll"
+ "Canon BJ Language Monitor MP280 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlmaa.dll"
+ "Fax Lexmark 5400 Series Port" "Print Monitor (Win2k/WinXP)" "" "c:\windows\system32\lxctpmon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "ACS" "Atheros Wireless LAN" "Atheros" "c:\windows\system32\athgina.dll"
 


Edited by Firerock, 07 March 2013 - 02:02 AM.


#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:27 AM

Posted 07 March 2013 - 05:42 AM

Lets try another way to delete the file

 

Press Windows+R key and type

 

cmd and click ok and run these commands one by one

 

cd c:\windows\system32

cacls ssmyst1.dll /p guest:n

 

Press Y and <ENTER>

 

Restart the PC.Now copy and run these commands one by one

 

cd c:\windows\system32

cacls ssmyst1.dll /p everyone:f

attrib -s -h -r ssmyst1.dll

del ssmyst1.dll

 

Let me know if that worked



#15 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 07 March 2013 - 01:55 PM

Both commands where enterd one by one, after each entry y was entered then (enter) was presed. It reads y is not reconized as an internal or external command,operable program or batch file.It still asked are you sure y/n under

   cacls ssmyst1.dll /p guest:n did nothing also for

cd c:\windows\system32 i didn't reboot the cpu.

 

Regards






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users