
monstermarketplace can't find anything to remove it


  • This topic is locked
15 replies to this topic

#1 htbentzur

htbentzur

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Israel
  • Local time:04:09 AM

Posted 13 October 2013 - 01:46 AM

Hi. My husband's laptop has been hijacked by monstermarketplace. Tried all the advice from Google searching. Can't find any new programs to delete, no extensions, nada. I installed HijackThis and did a scan. Can someone please help!!!!


Edited by Elise, 13 October 2013 - 04:26 AM.
Log removed and topic moved to AII ~ Elise



 


#2 htbentzur


Posted 13 October 2013 - 01:48 AM

Also have Bitdefender Total Security 2013. Did system scan and registry cleaner.



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:09 PM

Posted 13 October 2013 - 04:09 AM

Please go - Start > Control Panel > Programs and Features and remove any monstermarketplace or recent unknown programs - Ask if you are not sure.

 

 

Download Security Check by Screen317 from Here
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please follow How To Temporarily Disable Your Anti-virus

 

Please download Junkware Removal Tool by thisisu to your desktop
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

While your Antivirus is disabled

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
*  Do not reboot your computer after running RKill as the malware programs will start again.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

 

 

Scan your machine with ESET OnlineScan
1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps):

- 1. Click on This Link to download the ESET Smart Installer. Save it to your desktop.
- 2. Double click on the ESET Online Scanner icon on your desktop.

4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:

Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download the updated database (1 to 2 hours is not unusual)
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button
Or you can find a report at C:\Program Files\esetonlinescanner\log.txt.

 

 

Now enable your Antivirus again -

 

 

Please download Malwarebytes Anti-Malware Free (aka MBAM)
* Untick the > Free Pro Trial < option at this time
* Double-click MBAM-setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates so it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Scan, then click Quick Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* NOTE : You may be asked to Reboot to fully remove any found infections.
* When completed, a log will open in Notepad.
* Post the log back here.
* If you are not sure of any items, post the log and ask if it should be removed.

 

Thank You -



#4 htbentzur


Posted 13 October 2013 - 06:57 AM

You are absolutely awesome! My husband and I are both self-employed and our computers are our lifeblood for our businesses! Your instructions were easy to understand, not too technical for the average computer user who knows very little to nothing about the mouse inside that wheel.
 
I followed your instructions, and after rebooting, all was working normally again. You are a lifesaver!

 

My husband's computer is only about 2 months old, and he really tries to be careful, so if you could let us know how you think he got it on his computer that would be awesome!

 

Here are the txt files: (COULDN'T FIND THE OPTION TO UPLOAD A FILE SO I PASTED THEM ALL HERE.)

 

CHECKUP.TXT:

 

Results of screen317's Security Check version 0.99.74 

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 10 

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled! 

Bitdefender Antivirus  

Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Adobe Flash Player 11.9.900.117 

Adobe Reader XI 

Google Chrome 30.0.1599.66 

Google Chrome 30.0.1599.69 

````````Process Check: objlist.exe by Laurent````````

Spybot Teatimer.exe is disabled!

Bitdefender Bitdefender vsserv.exe 

Bitdefender Bitdefender updatesrv.exe 

Bitdefender Bitdefender SafeBox safeboxservice.exe 

Bitdefender Bitdefender bdagent.exe 

Bitdefender Bitdefender pmbxag.exe 

Bitdefender Bitdefender antispam32 bdapppassmgr.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

 

 

ESET.TXT FILE:

C:\Program Files (x86)\FLV Player\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined

C:\Program Files (x86)\FLV Player\Uninstall\__Uninstall_.exe a variant of Win32/InstallCore.DK application cleaned by deleting - quarantined

C:\Users\hezy\Desktop\COMPUTER PROGRAMS\FLVPlayerSetup.exe a variant of Win32/InstallCore.DK application cleaned by deleting - quarantined

C:\Users\hezy\Desktop\COMPUTER PROGRAMS\SoftonicDownloader_for_screenpresso-screen-capture.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\hezy\Desktop\mozy migration\Desktop\temp hold\freefileviewer_730.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined

C:\Users\hezy\Desktop\mozy migration\Desktop\Web Tools\SoftonicDownloader_for_jing.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

 

JRT.TXT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.4 (10.06.2013:1)

OS: Windows 7 Professional x64

Ran by hezy on Sun 10/13/2013 at 12:41:25.53

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

~~~ Services

 

 

~~~ Registry Values

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

 

 

~~~ Files

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\hezy\AppData\Roaming\opencandy"

 

 

~~~ Event Viewer Logs were cleared

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 10/13/2013 at 12:48:06.71

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

RKILL.TXT:

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 10/13/2013 12:56:08 PM in x64 mode.

Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:

C:\Users\hezy\Desktop\rkill\rkill-10-13-2013-12-56-23.reg

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

* Windows Defender Disabled

 

   [HKLM\SOFTWARE\Microsoft\Windows Defender]

   "DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

   "EnableFirewall" = dword:00000000

 

Checking Windows Service Integrity:

 

* Windows Defender (WinDefend) is not Running.

   Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/13/2013 12:56:34 PM

Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)

 

 

 

MBAM-LOG-2013-10-13-50-18).TXT (QUICK SCAN):

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.10.13.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

hezy :: HEZY-PC [administrator]

10/13/2013 13:50:18

mbam-log-2013-10-13 (13-50-18).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201663

Time elapsed: 1 minute(s), 52 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 2

HKLM\SOFTWARE\dosearchesSoftware (PUP.Optional.DoSearches.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

MBAMLOG-FULL SCAN-201310-13 (13-53-37).TXT:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.10.13.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

hezy :: HEZY-PC [administrator]

10/13/2013 13:53:37

mbam-log-2013-10-13 (13-53-37).txt

 

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 315105

Time elapsed: 17 minute(s), 44 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 2

C:\System Volume Information\SystemRestore\FRStaging\Users\hezy\AppData\Local\Temp\sof_ar_20139619370_dosearches.exe (PUP.Optional.Elex) -> Quarantined and deleted successfully.

C:\System Volume Information\SystemRestore\FRStaging\Users\hezy\AppData\Local\Temp\eIntaller\B3C5B1F0ED9F48a9800557FD250A3CB1\eXQ.exe (PUP.Optional.DProtect.A) -> Quarantined and deleted successfully.

 

(end)

 

 

Moderator Edit: Removed HiJackThis Log. Not Allowed in this forum

Roger


Edited by rotor123, 13 October 2013 - 05:33 PM.
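
Added example, not part of the original thread and not any tool's own code: a Python parser for the Malwarebytes 1.75 log layout quoted in the post above. It checks each section's declared count against the detection lines actually present, pulls Chrome extension IDs out of `...\Google\Chrome\Extensions\<id>` registry hits, and separates copies held by System Restore from other paths. The sample input merges lines from the two logs above; the function and key names are hypothetical.

```python
import re
from collections import Counter

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Greedy object match so paths containing "(x86)" still parse: the detection
# name is the last parenthesised group before " -> ".
DETECTION_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Chrome reads this registry key to install extensions from outside the
# browser; extension IDs are 32 characters in the range a-p.
CHROME_EXT_RE = re.compile(r"\\Google\\Chrome\\Extensions\\(?P<id>[a-p]{32})$", re.I)
RESTORE_PREFIX = "c:\\system volume information\\"

# Constructed input: detection lines copied from the quick-scan and full-scan
# logs in the post above, merged into one text.
SAMPLE_LOG = r"""
Registry Keys Detected: 2
HKLM\SOFTWARE\dosearchesSoftware (PUP.Optional.DoSearches.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Files Detected: 2
C:\System Volume Information\SystemRestore\FRStaging\Users\hezy\AppData\Local\Temp\sof_ar_20139619370_dosearches.exe (PUP.Optional.Elex) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\hezy\AppData\Local\Temp\eIntaller\B3C5B1F0ED9F48a9800557FD250A3CB1\eXQ.exe (PUP.Optional.DProtect.A) -> Quarantined and deleted successfully.
"""


def parse_mbam(text):
    """Return (detections, declared_counts) from an MBAM 1.75 style log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            detections.append({"section": section, "object": hit["object"],
                               "name": hit["name"], "action": hit["action"]})
    return detections, declared


def family(name):
    """'PUP.Optional.Elex.A' -> 'Elex'; other names are returned unchanged."""
    parts = name.split(".")
    return parts[2] if name.startswith("PUP.Optional.") and len(parts) >= 3 else name


def triage(text):
    detections, declared = parse_mbam(text)
    found = Counter(d["section"] for d in detections)
    ext_ids = []
    for d in detections:
        m = CHROME_EXT_RE.search(d["object"])
        if m:
            ext_ids.append(m["id"].lower())
    return {
        # Sections whose header count disagrees with the lines present
        # (a truncated or edited paste).
        "count_mismatches": sorted(s for s, n in declared.items() if found.get(s, 0) != n),
        # IDs to look for in Chrome's extension list on every synced machine.
        "chrome_external_extensions": ext_ids,
        # Copies stored by System Restore rather than files in their install path.
        "restore_point_copies": [d["object"] for d in detections
                                 if d["object"].lower().startswith(RESTORE_PREFIX)],
        # Anything the scanner reported but did not delete.
        "not_removed": [d for d in detections
                        if "deleted successfully" not in d["action"].lower()],
        "families": dict(Counter(family(d["name"]) for d in detections)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
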


#5 htbentzur


Posted 13 October 2013 - 09:35 AM

Hi again. It's back! BUT -- maybe this is what's causing it? My husband gave his old laptop to our kids. My son's been home about 2 hours and he plays Minecraft and things. When I asked my husband where he (hubby) has been since we got things all cleaned up, he went into his browser history and when he mentioned some of the sites it dawned on me. The older laptop's Chrome is attached to my husband's Google Accounts. So now when my husband, on his new computer, goes into his Chrome, maybe where my son's been on the other laptop is causing the problem?



#6 noknojon


Posted 13 October 2013 - 05:55 PM

Sorry but we all have problems and my Text Editor just went up in smoke with your reply
Not to worry as it is just software and will be replaced later today ...........
Meanwhile I am back to Notepad, without my program links -

 

Delete Chrome from the old computer and do not use it while connected to the new one. Use I.E or F/fox
Remove SpeedBitVideoAccelerator from all computers as this has many bells and whistles, but does very little.

 

 

TFCleaner

Please download TFC, or Temp File Cleaner By Old Timer

Usage Instructions:

* Download TFC from the download link above and save the file on your desktop.

* Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.

* Double-click on the TFC icon.

* When the program opens, click on the Start button.

* TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.

* When done, press OK and reboot your computer and finish the cleanup.

 

 

Autoruns -

* Download Autoruns in Zip file.

* Extract (unzip) to desktop and launch autoruns.exe

* Allow the scan to fully finish. This may take up to 4 or 5 minutes.

* Next, click on FILE > SAVE

* Use the Filename: Autoruns.txt

* Save as type : Text : Next > Save to desktop

* Copy and paste the log back here

It may not look pretty, but it shows me a great deal -

 

Thank You -
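
Added example, not part of the original thread and not Sysinternals code: a Python reader for the Autoruns text export requested above, using rows in the layout of the export posted later in this thread. It groups entries under their autostart location and lists the ones whose target is reported as "File not found:" and the ones with no publisher recorded. The field order (name, description, publisher, image path, timestamp) is an assumption inferred from those rows, and the function names are hypothetical.

```python
import re

FIELD_RE = re.compile(r'"([^"]*)"')
MISSING = "File not found:"

# Constructed input: rows copied from the Autoruns export posted later in
# this thread, trimmed to two locations.
SAMPLE_EXPORT = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "14/09/2013 11:08 AM"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe" "5/04/2013 8:05 AM"
+ "EssSpkPhone" "" "" "c:\windows\essspk.exe" "20/10/2001 5:49 AM"
X "SSBkgdUpdate" "" "" "File not found: C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "30/08/2013 8:24 PM"
X "News.net" "" "" "File not found: C:\Program Files\News.net\BreakingNews\DesktopContainer.exe" ""
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" "2/03/2007 9:23 AM"
'''


def parse_autoruns(text):
    """Return one dict per entry row, tagged with the location row above it."""
    location, rows = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = FIELD_RE.findall(line)
        if line.startswith('"'):
            # Location row: the first quoted field is the registry key or folder.
            if fields:
                location = fields[0]
            continue
        marker = line.split(" ", 1)[0]
        if marker not in ("+", "X") or len(fields) != 5:
            continue  # wrapped or unrecognised line; skip rather than guess
        name, description, publisher, image, timestamp = fields
        rows.append({"location": location, "marker": marker, "name": name,
                     "description": description, "publisher": publisher,
                     "image": image, "timestamp": timestamp})
    return rows


def review(rows):
    """Split out entries that deserve a second look."""
    missing, no_publisher = [], []
    for row in rows:
        if row["image"].startswith(MISSING):
            # Autostart reference left behind after its program was removed.
            target = row["image"][len(MISSING):].strip()
            missing.append({**row, "target": target})
        elif not row["publisher"]:
            # File exists but the export shows no publisher for it.
            no_publisher.append(row)
    return {"missing_target": missing, "no_publisher": no_publisher}


if __name__ == "__main__":
    result = review(parse_autoruns(SAMPLE_EXPORT))
    for row in result["missing_target"]:
        print(f"missing   {row['location']} :: {row['name']} -> {row['target']}")
    for row in result["no_publisher"]:
        print(f"unsigned? {row['location']} :: {row['name']} -> {row['image']}")
```
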



#7 noknojon


Posted 13 October 2013 - 07:05 PM

You can also do these steps to help.

 

Please download AdwCleaner to desktop.
* Close all other running programs including your browser, as your computer will be rebooted after the scan.
* Double click on the AdwCleaner icon to run the program
* Vista or Win7 users Right click and select Run as Administrator
* Select Scan from the menu, then check the listed programs if you want to keep any

* Now click Clean, Confirm with OK when asked.

* NOTE : It is here that your system will be Auto rebooted
* A logfile will be produced after the reboot, please post it back here

 

 

Reset all browsers back to Default, as I know you use Chrome, but check the others also, and remove these extensions (if they exist) ......

 

Internet Explorer:

Open Internet Explorer, Go > Tools > Manage Add-ons > Toolbars and Extensions.

Here, look for Abest, QWProtect, AntivirusBest, MonsterMarketplace and click uninstall.

Change your start page and default search engine back to normal.

 

Google Chrome:

Open Google Chrome > Click Wrench Icon > Settings > Manage Search Engines.

Remove Abest, QWProtect, AntivirusBest, MonsterMarketplace and other unnecessary entries from the list.

Change your start page and default search engine back to normal.

 

Mozilla Firefox:

Open Mozilla Firefox, Go - Tools > Add-ons > Extensions

 Find Abest, QWProtect, AntivirusBest, MonsterMarketplace, or any other unknown add-on and click Uninstall.

Change your start page and default search engine back to normal.

 

Thanks -



#8 htbentzur


Posted 15 October 2013 - 12:05 AM

Did the AdwCleaner and the Autoruns but can't find a way to upload those files. I tried to reply to the bleep@bleepingcomputer.com email but it was returned. How do I send in the logs?



#9 noknojon


Posted 15 October 2013 - 12:16 AM

In this forum area please Copy / Paste all logs.

If they are hidden, then it would take us twice as long to reply to you -

 

Thank You -

EDIT - As this is Am I Infected, we would not like people to send hidden attachments that may contain any infections.


Edited by noknojon, 15 October 2013 - 12:28 AM.


#10 noknojon


Posted 19 October 2013 - 04:29 AM

Hello -

As you stopped responding to my questions, are you now finished with this topic ?

I do understand that other things come up unexpectedly -

 

Thank You



#11 htbentzur


Posted 19 October 2013 - 11:41 AM

Hi, thanks for your email. My husband is even less technically inclined than me. He needs to run the last set of programs so he can save the logs again but he did say when he ran them nothing seemed to change. But I told him he needs to send the logs to you so you can see what's going on.

 

BTW I cannot find a way to send the logs via this forum. The Autoruns won't copy/paste here. And I can't see anywhere to attach a file like I did when I first opened this thread. Help? Thanks.



#12 noknojon


Posted 19 October 2013 - 03:23 PM

Hello -

EDIT - Please note that you have not attached any posts here, just Copy / Paste............

 

Please just take 3 minutes (even print out) and it is very simple. You can EDIT the text after I have finished just to make sure there is nothing showing that you do not want shown. You have "dead" or unwanted entries that I can help remove, or you can always post to Malware / Virus Removal Logs area with This Guide Preparation Guide. Again this was just a helping call to you ......

Re-read at the bottom -

 

Thank You -

 

Only with the directions I gave, and nothing more, I managed to post this =>>

It took 3 minutes after the scan "populated" as I have not posted this XPs earlier.

 

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "14/09/2013 11:08 AM"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe" "5/04/2013 8:05 AM"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe" "17/04/2013 2:13 PM"
+ "CorelCreatorClient" "gDocCreator Client application" "Global Graphics Software Ltd." "c:\program files\corel\corel pdf fusion\corelcreatorclient.exe" "25/04/2012 8:45 PM"
+ "EssSpkPhone" "" "" "c:\windows\essspk.exe" "20/10/2001 5:49 AM"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovemonitor.exe" "26/02/2009 11:53 PM"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe" "13/08/2013 4:10 AM"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll" "2/04/2005 11:29 AM"
+ "PRONoMgr.exe" "PRONotifyMgr Module" "Intel® Corporation" "c:\program files\intel\ncs\proset\pronomgr.exe" "12/03/2003 11:24 AM"
+ "SiSRaid" "Sraid Application" "SiS" "c:\program files\silicon integrated systems\sisraidpackage\sraid.exe" "18/05/2005 5:44 PM"
+ "SoundMan" "Realtek Sound Manager" "Realtek Semiconductor Corp." "C:\WINDOWS\soundman.exe" "27/07/2004 8:01 PM"
X "SSBkgdUpdate" "" "" "File not found: C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot" ""
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Oracle Corporation" "c:\program files\common files\java\java update\jusched.exe" "3/07/2013 3:16 AM"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" "" "14/09/2013 11:06 AM"
+ "Secunia PSI Tray.lnk" "Secunia PSI Tray" "Secunia" "c:\program files\secunia\psi\psi_tray.exe" "12/10/2011 7:23 PM"
+ "Windows Search.lnk" "Windows Search System Tray" "Microsoft Corporation" "c:\program files\windows desktop search\windowssearch.exe" "27/05/2008 4:19 PM"
"C:\Documents and Settings\USER\Start Menu\Programs\Startup" "" "" "" "6/09/2013 8:29 AM"
+ "Lotus QuickStart.lnk" "Lotus QuickStart Executable" "Lotus Development Corporation" "c:\lotus\wordpro\ltsstart.exe" "15/05/1997 7:22 AM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "25/07/2013 5:59 PM"
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe" "14/04/2008 5:30 AM"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe" "14/04/2008 5:30 AM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "30/08/2013 8:24 PM"
X "News.net" "" "" "File not found: C:\Program Files\News.net\BreakingNews\DesktopContainer.exe" ""
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" "2/03/2007 9:23 AM"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "25/07/2013 5:59 PM"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll" "27/02/2009 3:00 AM"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" "" "25/07/2013 5:59 PM"
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll" "27/02/2009 12:20 AM"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll" "19/08/2006 7:23 PM"
+ "wot" "" "" "c:\program files\wot\wot.dll" "3/08/2012 2:13 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" "" "14/09/2013 11:06 AM"
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll" "19/07/2011 10:22 AM"
+ "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll" "25/05/2009 4:41 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "14/01/2005 11:09 PM"
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll" "19/04/2011 5:34 AM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "13/08/2013 4:10 AM"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll" "24/05/2013 6:59 AM"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "26/07/2013 12:19 PM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "13/08/2013 4:10 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2013 5:59 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll" "1/03/2013 7:39 AM"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "26/07/2013 12:19 PM"
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll" "19/04/2011 5:34 AM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "13/08/2013 4:10 AM"
+ "RecuvaShellExt" "Recuva shell extensions" "Piriform Ltd" "c:\program files\recuva\recuvashell.dll" "29/03/2013 10:31 PM"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll" "24/05/2013 6:59 AM"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "26/07/2013 12:19 PM"
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll" "19/04/2011 5:34 AM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2013 5:59 PM"
+ "00nView" "NVIDIA Desktop Explorer, Version 100.40 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll" "31/03/2005 5:41 PM"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll" "2/04/2005 11:29 AM"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "25/07/2013 5:59 PM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll" "11/05/2013 8:34 PM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2013 5:59 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll" "1/03/2013 7:39 AM"
+ "RecuvaShellExt" "Recuva shell extensions" "Piriform Ltd" "c:\program files\recuva\recuvashell.dll" "29/03/2013 10:31 PM"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "14/09/2013 11:06 AM"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27/02/2009 12:20 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "14/09/2013 11:06 AM"

Download Autoruns in Zip file.
Extract and launch autoruns.exe
Allow the scan to fully finish. This may take up to 4 or 5 minutes.
1 * Next click on FILE > SAVE
2 * Use the Filename: Autoruns.txt
3 * Save as type: Text. Save to desktop
Copy and paste the log back here


Edited by noknojon, 19 October 2013 - 06:57 PM.


#13 noknojon


Posted 20 October 2013 - 07:22 PM

OK -

As we seem to be stuck at this point, please follow these directions =>

Since you require other assistance, please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.

When you have done that, start a new topic and post the required logs to the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

If you are unable to complete any step, please post the topic and leave a full description of your current problems.

Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

If HelpBot responds to your topic, please follow his Step #1 so the team will be notified.

Regards -



#14 htbentzur


Posted 21 October 2013 - 01:13 AM

Thank you. My husband's work has been crazy and he meant to set aside time last night to run the steps again. I will forward this to him and try to light a fire under his butt. Appreciate all your time and I'll let you know how it goes. Thanks again!



#15 noknojon


Posted 21 October 2013 - 03:02 AM

OK -

As you wish -

 

Best Regards -





