Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE hijack, Chrome & FF new tabs, Avast, mbam, SS&D don't spot


  • Please log in to reply
19 replies to this topic

#1 DiverMike

DiverMike

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 01 March 2013 - 10:23 PM

It appears to be a variant of the websearch virus.  IE home page splashes for 1/2 second, then gets redirected to (websearch.pu-results.info).  Chrome and Firefox, secondary pages/new tab redirects also, first page okay?  Resetting home pages in settings only clears until reboot.

  Avast full scan didn't spot anything, mbam detected and removed 2 malicious files (Adware.Muliplug), but no change on reboot. D/L and ran Spybot S & D, full scan then boot scan, don't see a log to see what was removed  Kaspersky online scan doesn't spot anything.

   Thank you in advance,

 



BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 AM

Posted 01 March 2013 - 10:35 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules  and Detect TDLFS file systemDo not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results


 



#3 DiverMike

DiverMike
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 March 2013 - 02:40 PM

Okay, tried to post all together, post didn't go out in over 5 mins, will try it as separate pieces (if this goes)



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 AM

Posted 02 March 2013 - 02:48 PM

Post last few lines of TDSSkiller log alone.



#5 DiverMike

DiverMike
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 March 2013 - 03:02 PM

TDSSKiller log  - An error occurred post_too_long - Tried posting first 50 pages, no go.  My connection is iffy now, TDSSKiller log is 118 pages single spaced (!?) will post in reverse order, attempt to save 50 pages at a time unsuccessfule. not sure if it's my connection or forum limits now

 

 

aswMBR log:



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software



Run date: 2013-03-02 07:54:18



-----------------------------



07:54:18.791    OS Version: Windows
x64 6.1.7601 Service Pack 1



07:54:18.791    Number of processors:
4 586 0x502



07:54:18.791    ComputerName:
QUAD-PC  UserName: Quad



07:54:20.273    Initialize success



07:54:20.382    AVAST engine defs:
13030200



07:54:47.448    Disk 0 (boot)
\Device\Harddisk0\DR0 -> \Device\00000066



07:54:47.464    Disk 0 Vendor:
WDC_WD10 01.0 Size: 953869MB BusType: 3



07:54:47.495    Disk 0 MBR read
successfully



07:54:47.511    Disk 0 MBR scan



07:54:47.511    Disk 0 Windows 7
default MBR code



07:54:47.542    Disk 0 Partition 1 80
(A) 07    HPFS/NTFS NTFS          100 MB offset 2048



07:54:47.558    Disk 0 Partition 2
00     07    HPFS/NTFS NTFS       862582 MB offset 206848



07:54:47.558    Disk 0 Partition -
00     05     Extended             80000 MB offset 1766774784



07:54:47.620    Disk 0 Partition 3
00     07    HPFS/NTFS NTFS        11185 MB offset 1930614784



07:54:47.745    Disk 0 Partition 4
00     07    HPFS/NTFS NTFS        79999 MB offset 1766776832



07:54:47.792    Disk 0 scanning
C:\Windows\system32\drivers



07:55:06.590    Service scanning



07:55:33.858    Modules scanning



07:55:33.874    Disk 0 trace - called
modules:



07:55:34.217    ntoskrnl.exe
fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys ACPI.sys storport.sys
hal.dll nvstor64.sys



07:55:34.233    1 nt!IofCallDriver
-> \Device\Harddisk0\DR0[0xfffffa8005b61060]



07:55:34.248    3
CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver ->
[0xfffffa80059ecd60]



07:55:34.264    5
vsflt67.sys[fffff88000e657cd] -> nt!IofCallDriver -> [0xfffffa8005805e40]



07:55:34.264    7
ACPI.sys[fffff88000fb17a1] -> nt!IofCallDriver ->
\Device\00000066[0xfffffa80058cb580]



07:55:35.902    AVAST engine scan
C:\Windows



07:56:00.800    AVAST engine scan
C:\Windows\system32



07:58:50.933    AVAST engine scan
C:\Windows\system32\drivers



07:59:11.385    AVAST engine scan
C:\Users\Quad



09:04:13.197    AVAST engine scan
C:\ProgramData



09:09:44.847    Scan finished
successfully



09:10:31.453    Disk 0 MBR has been
saved successfully to "C:\Users\Quad\Desktop\MBR.dat"



09:10:31.458    The log file has been
saved successfully to "C:\Users\Quad\Desktop\aswMBR.txt"



 



-------------------------------------------------------------------------------------------------------------------------------------



ESET results:



C:\Users\All Users\BrowwSe2savee\512ebfcadca05.dll    a variant of Win32/Adware.MultiPlug.I
application   



C:\Users\All Users\SeaRoch-NewTTab\512ebfe9ef92e.dll    a variant of Win32/Adware.MultiPlug.I
application   



C:\d\Download\FreeAudioConverter.exe   
Win32/OpenCandy application   
cleaned by deleting - quarantined



C:\d\Phones\Android
2011\TitaniumBackup\com.alienmanfc6.wheresmyandroid-d13c3006d126b1f813fc0681747e536a.apk.gz    a variant of Android/Walien.A
application    deleted - quarantined



C:\d\Transfer\UBCD4Win-Mike.iso   
Win32/PrcView application   
deleted - quarantined



C:\d\Transfer\UBCD4WinV350.exe   
Win32/PrcView application   
cleaned by deleting - quarantined



C:\d\Transfer\Vundo Removal\VirtumundoBeGone.exe    Win32/PrcView application    cleaned by deleting - quarantined



C:\d\Utils\pc-wizard_2012.2.11-setup.exe   
a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined



C:\d\Utils\SetupImgBurn_2.5.2.0.exe   
a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined



C:\d\Utils\Setup_FreeConverter.exe   
Win32/Toolbar.Widgi application   
cleaned by deleting - quarantined



C:\d\Utils\tb_free.exe    a variant
of Win32/TFTPD32.A application    cleaned
by deleting - quarantined



C:\d\Utils\UBCD4WinV360.exe   
Win32/PrcView application   
cleaned by deleting - quarantined



C:\d\Virus Removal\VirtumundoBeGone.exe   
Win32/PrcView application   
cleaned by deleting - quarantined



C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll    a variant of Win32/TFTPD32.A application    cleaned by deleting - quarantined



C:\ProgramData\BrowwSe2savee\512ebfcadca05.dll    a variant of Win32/Adware.MultiPlug.I
application    cleaned by deleting -
quarantined



C:\ProgramData\SeaRoch-NewTTab\512ebfe9ef92e.dll    a variant of Win32/Adware.MultiPlug.I
application    cleaned by deleting -
quarantined



C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe    Win32/PrcView application    deleted - quarantined



C:\Users\Quad\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aangflopbieaepclikphcemnllomagjn\1\512ebfcadc7b76.92186977.js    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined



C:\Users\Quad\AppData\Local\Google\Chrome\User
Data\Default\Extensions\lfeobenjiheeknlneaphcimclbjibcif\1\512ebfe9ef7103.17128490.js    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined



C:\Users\Quad\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5\98ICQ6UE\wsconduit__166[1].exe    a variant of Win32/Amonetize.B
application    cleaned by deleting -
quarantined



C:\Users\Quad\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5\JEGT4DJQ\search_defender_166[1].exe    a variant of Win32/SProtector.A
application    cleaned by deleting - quarantined



C:\Users\Quad\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5\JEGT4DJQ\search_defender_alternate_166[1].exe    a variant of Win32/SProtector.A
application    cleaned by deleting -
quarantined



C:\Users\Quad\AppData\Roaming\Mozilla\Firefox\Profiles\n7zgg293.default\extensions\cqaayey@oouuq.com\content\bg.js    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined



C:\Users\Quad\AppData\Roaming\Mozilla\Firefox\Profiles\n7zgg293.default\extensions\vpsr2xc6@uy-eoie.org\content\bg.js    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined



C:\Users\Quad\Desktop\cbsidlm-tr1_11-GMER-SEO-10720107.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined



C:\Users\Quad\Desktop\Maint\EasUS Todo Free Backup.exe    a variant of Win32/TFTPD32.A
application    cleaned by deleting -
quarantined



C:\Users\Quad\Desktop\Maint\UBCD4WinV360.exe    Win32/PrcView application    cleaned by deleting - quarantined



C:\Users\Quad\Desktop\Maint\Hirens.BootCD.15.0\Hiren's.BootCD.15.0.iso    multiple threats    deleted - quarantined



C:\Users\Quad\Desktop\Media\avc-free.exe   
Win32/OpenCandy application   
cleaned by deleting - quarantined



Here's the end of the TDSSKiller log:

 

07:33:55.0589 4768  Scan finished



07:33:55.0589 4768 
============================================================



07:33:55.0602 6748  Detected object count: 0



07:33:55.0602 6748  Actual detected object count: 0



07:39:57.0206 1388  Deinitialize success



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 AM

Posted 02 March 2013 - 03:03 PM


Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tooll by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#7 DiverMike

DiverMike
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 March 2013 - 03:06 PM

I was reading the scan logs, ran CCleaner and removed all IE, Chrome, and FF temporary Internet files, should have done that earlier.



#8 DiverMike

DiverMike
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 March 2013 - 06:45 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.02.12
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Quad :: QUAD-PC [administrator]
 
3/2/2013 3:12:03 PM
mbam-log-2013-03-02 (15-12-03).txt
 
Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 533950
Time elapsed: 1 hour(s), 41 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0


#9 DiverMike

DiverMike
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 March 2013 - 06:56 PM

Farbars Mini-Toolbox:

  MiniToolBox by Farbar  Version:01-03-2013

Ran by Quad (administrator) on 02-03-2013 at 18:48:39
Running from "C:\Users\Quad\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
NVIDIA nForce 10/100 Mbps Ethernet  = HomeNet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Quad-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : earthlink.net
 
Ethernet adapter HomeNet:
 
   Connection-specific DNS Suffix  . : earthlink.net
   Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet 
   Physical Address. . . . . . . . . : 00-23-54-FD-EB-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.151(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, March 02, 2013 9:07:11 AM
   Lease Expires . . . . . . . . . . : Sunday, March 03, 2013 9:07:10 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.earthlink.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dlinkrouter.earthlink.net
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4004:803::1005
      74.125.228.34
      74.125.228.33
      74.125.228.38
      74.125.228.39
      74.125.228.41
      74.125.228.40
      74.125.228.46
      74.125.228.35
      74.125.228.36
      74.125.228.37
      74.125.228.32
 
 
Pinging google.com [74.125.228.32] with 32 bytes of data:
Reply from 74.125.228.32: bytes=32 time=37ms TTL=52
Reply from 74.125.228.32: bytes=32 time=40ms TTL=52
 
Ping statistics for 74.125.228.32:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 40ms, Average = 38ms
Server:  dlinkrouter.earthlink.net
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=284ms TTL=47
Reply from 98.139.183.24: bytes=32 time=223ms TTL=47
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 223ms, Maximum = 284ms, Average = 253ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 23 54 fd eb ef ......NVIDIA nForce 10/100 Mbps Ethernet 
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.151     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.151    276
    192.168.0.151  255.255.255.255         On-link     192.168.0.151    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.151    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.151    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.151    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/02/2013 05:23:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (03/02/2013 05:23:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (03/02/2013 05:22:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/02/2013 05:22:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (03/02/2013 05:20:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/02/2013 02:12:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/02/2013 09:15:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/02/2013 09:15:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/02/2013 09:15:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/02/2013 09:14:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (03/02/2013 07:45:48 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
StarOpen
 
Error: (03/02/2013 07:43:09 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/02/2013 07:26:31 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (03/02/2013 07:26:31 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (03/02/2013 07:26:28 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
StarOpen
 
Error: (03/02/2013 07:26:28 AM) (Source: Service Control Manager) (User: )
Description: The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/02/2013 07:24:33 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/02/2013 06:57:04 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (03/02/2013 06:56:55 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
StarOpen
 
Error: (03/02/2013 06:54:39 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (01/23/2013 06:08:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 215 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (09/21/2010 07:26:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 296 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (07/16/2010 10:38:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/14/2010 05:19:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/11/2010 10:27:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/05/2010 06:23:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/03/2010 02:29:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/15/2010 06:49:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/31/2010 11:40:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
 Update for Microsoft Office 2007 (KB2508958)
 
ABBYY FineReader 5.0 Sprint Plus (Version: 5.0.482.3431)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Acronis True Image Home 2012 (Version: 15.0.7119)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 3.6.0.5970)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.171)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader X (10.1.6) (Version: 10.1.6)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 6.2.3.10)
aioscnnr (Version: 7.3.4.0)
Android SDK Tools (Version: 1.16)
Any Video Converter 3.5.7
Any Video Converter 5 5.0.3
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.3.127)
Auslogics Disk Defrag (Version: version 3.2)
avast! Free Antivirus (Version: 8.0.1482.0)
Bonjour (Version: 2.0.2.0)
Box Sync (64 bit) (Version: 3.3.51.0)
Byki (Version: 4.0)
Byki Deluxe
C4USelfUpdater (Version: 1.00.0000)
CardRecovery 5.30
CCleaner (Version: 3.26)
center (Version: 6.2.5.0)
Clash'N'Slash (Version: 1.0.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Core FTP LE 2.1
CramMaster
CramMaster (Version: 1.0)
CutePDF Writer 2.8
CyberLink DVD Suite Deluxe (Version: 7.0.2115)
D3DX10 (Version: 15.4.2368.0902)
Dashlane (Version: 1.7.5.28568)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
Dropbox (Version: 1.6.16)
DVD Decrypter (Remove Only)
DVD Menu Pack for HP MediaSmart Video (Version: 3.1.3224)
DVD Shrink 3.2
EaseUS Todo Backup Free 5.3 (Version: 5.3)
ESET Online Scanner v3
essentials (Version: 6.0.14.0)
FMS
Free Audio Converter version 5.0.17.822 (Version: 5.0.17.822)
Google Chrome (Version: 25.0.1364.97)
Google Drive (Version: 1.7.4018.3496)
Google Earth (Version: 6.0.1.2032)
Google Update Helper (Version: 1.3.21.135)
GoZone iSync (Version: 2.0.0)
Hardware Diagnostic Tools (Version: 6.0.5247.34)
HashCalc 2.02
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Games (Version: 1.0.0.71)
HP MediaSmart DVD (Version: 3.1.3317)
HP MediaSmart Music/Photo/Video (Version: 3.1.3601)
HP MediaSmart SmartMenu (Version: 3.1.0.1)
HP Odometer (Version: 2.10.0000)
HP Remote Solution (Version: 1.1.11.0)
HP Setup (Version: 1.2.3560.3170)
HP Support Assistant (Version: 4.4.6.3)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.001.000.014)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
Hulu Desktop (Version: 0.9.14)
HWiNFO64 Version 4.06 (Version: 4.06)
ImgBurn (Version: 2.5.5.0)
ISO Recorder (Version: 3.1.0)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Kaspersky Security Scan (Version: 12.0.1.117)
Kodak AIO Printer (Version: 7.0.3.0)
KODAK AiO Software (Version: 7.6.12.20)
LG United Mobile Driver (Version: 3.8.1)
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Media Cope 2.0
Memeo Instant Backup (Version: 4.60.0.7946)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft 70-680 TS Windows 7, Configuring (Version: 1.0.0)
Microsoft 70-680 TS Windows 7, Configuring SE
Microsoft 70-680 TS Windows 7, Configuring SE (Version: 1.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Live Search Toolbar (Version: 3.0.566.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 19.0 (x86 en-GB) (Version: 19.0)
Mozilla Maintenance Service (Version: 19.0)
MSVC80_x64 (Version: 1.0.1.0)
MSVC80_x86 (Version: 1.0.1.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NVIDIA Drivers (Version: 1.5)
ocr (Version: 6.2.3.50)
OneClickdigital Media Manager (Version: 61.0.0.0)
OverDrive Media Console (Version: 3.2.20)
Package: Google Nexus 7 ToolKit (Version: 1.0.0.0)
PC Wizard 2012.2.11
Philips SPC230NC Webcam (Version: 1.0.0.0)
PictureMover (Version: 3.3.1.19)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power2Go (Version: 6.0.3304)
PreReq (Version: 6.2.4.0)
Quicken 2007 (Version: 16.1.1.27)
QuickTime (Version: 7.72.80.56)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
RealUpgrade 1.1 (Version: 1.1.0)
Recovery Manager (Version: 5.5.2216)
RoboForm 7-8-6-5 (All Users) (Version: 7-8-6-5)
SAMSUNG Mobile USB Device (Version: 1.00.0000)
SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (Version: 1.2.2200.0)
Sansa Updater
Seagate Dashboard (Version: 1.1.0.1548)
Secunia PSI (3.0.0.2004) (Version: 3.0.0.2004)
Skype™ 5.10 (Version: 5.10.116)
Speccy (Version: 1.18)
Spybot - Search & Destroy (Version: 1.6.2)
TaxACT 2010
TaxACT 2011 - 1040 Edition
TaxACT 2012 - 1040 Edition
TeamViewer 7 (Version: 7.0.14484)
TUGZip 3.5
UBCD4Win 3.60
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 2.0.4 (Version: 2.0.4)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows XP Mode (Version: 1.3.7600.16423)
Xvid 1.2.2 final uninstall (Version: 1.2)
Yahoo! Messenger
Yahoo! Software Update
YTD Video Downloader 3.9.4
 
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 37%
Total physical RAM: 5887.24 MB
Available physical RAM: 3687.82 MB
Total Pagefile: 11772.66 MB
Available Pagefile: 9002.98 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.52 MB
 
========================= Partitions: =====================================
 
1 Drive c: (HP) (Fixed) (Total:842.37 GB) (Free:594.21 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.92 GB) (Free:0.03 GB) NTFS
4 Drive f: (Backup-2) (Fixed) (Total:78.12 GB) (Free:31.46 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\QUAD-PC
 
Administrator            Guest                    Quad                     
Quad-Share               
 
**** End of log ****
----------------------------------------------------------------------------------------------------------------------------------
         FSS.txt
Farbar Service Scanner Version: 20-02-2013
Ran by Quad (administrator) on 02-03-2013 at 18:52:29
Running from "C:\Users\Quad\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
**** End of log ****
--------------------------------------------------------------------------------------------------------------
 
AdwCleaner is being flagged by Avast as malicious, should I keep it, or dump it?


#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 AM

Posted 02 March 2013 - 07:08 PM

AdwCleaner is being flagged by Avast as malicious, should I keep it, or dump it?

 

Disable Avast and download it



#11 DiverMike

DiverMike
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 March 2013 - 07:41 PM

     AdwCleaner:

 

# AdwCleaner v2.113 - Logfile created 03/02/2013 at 19:12:23
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Quad - QUAD-PC
# Boot Mode : Normal
# Running from : C:\Users\Quad\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Users\Quad\AppData\Roaming\Mozilla\Firefox\Profiles\n7zgg293.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\ProgramData\FreeRIP
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Quad\AppData\Local\APN
Folder Deleted : C:\Users\Quad\AppData\Local\Conduit
Folder Deleted : C:\Users\Quad\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Quad\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Quad\AppData\Roaming\OpenCandy
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GreenTree Applications
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=724&r=2013/02/28&hid=3826013372&lg=EN&cc=US --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=724&r=2013/02/28&hid=3826013372&lg=EN&cc=US --> hxxp://www.google.com
 
-\\ Mozilla Firefox v19.0 (en-GB)
 
File : C:\Users\Quad\AppData\Roaming\Mozilla\Firefox\Profiles\n7zgg293.default\prefs.js
 
C:\Users\Quad\AppData\Roaming\Mozilla\Firefox\Profiles\n7zgg293.default\user.js ... Deleted !
 
Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=724&r=2013/02/28&hid=3[...]
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1359074238);
Deleted : user_pref("extensions.crossriderapp21804.21804.active", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbar", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundver", 9);
Deleted : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1359074238");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1359074238");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.expiration", "Fri Jan 25 2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.value", "%22%28function%28[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Fri Jan 25 2013 1[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Thu Jan 31 201[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1359152992");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221359140002%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221359062183%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.value", "1359074261464");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221175%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22135260%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1359074251924");
Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "23");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Fri Jan [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 11);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.code", "(function(f){var u={};var e[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 20);
Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 23);
Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
Deleted : user_pref("extensions.crossriderapp21804.bic", "13c587c1ab74ae1aaff256efb9103282");
Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1359074237);
Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22652549);
Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22652555);
Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);
Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=724&r=2013/02/28&hid=3826013372&lg=E[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Users\Quad\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.40] : icon_url = "hxxp://websearch.pu-results.info/favicon.ico",
Deleted [l.43] : keyword = "websearch",
Deleted [l.46] : search_url = "hxxp://websearch.pu-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/28&hid=[...]
Deleted [l.47] : suggest_url = "hxxp://websearch.pu-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/28&hid[...]
 
*************************
 
AdwCleaner[S1].txt - [18759 octets] - [02/03/2013 19:12:23]
 
########## EOF - C:\AdwCleaner[S1].txt - [18820 octets] ##########
------------------------------------------------------------------------------------------------------------------------------------
     JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Ultimate x64
Ran by Quad on Sat 03/02/2013 at 19:25:38.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
 
~~~ Files
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
 
~~~ FireFox
 
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\Quad\AppData\Roaming\mozilla\firefox\profiles\n7zgg293.default\searchplugins\bing-zugo.xml
Successfully deleted the following from C:\Users\Quad\AppData\Roaming\mozilla\firefox\profiles\n7zgg293.default\prefs.js
 
user_pref("extensions.crossrider.bic", "13c587c1ab74ae1aaff256efb9103282");
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor
user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r
Emptied folder: C:\Users\Quad\AppData\Roaming\mozilla\firefox\profiles\n7zgg293.default\minidumps [64 files]
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Quad\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
 
~~~ Event Viewer Logs were cleared
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/02/2013 at 19:34:08.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------------------------------------------------------------------------------------------------------------------
     
      RKILL
Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/02/2013 07:39:27 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Quad\AppData\Roaming\Dashlane\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane.exe (PID: 3944) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 03/02/2013 07:39:44 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)
 


#12 DiverMike

DiverMike
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 March 2013 - 07:45 PM

     And the Autoruns:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""

+ "BoxSyncHelper"    "Box Sync Helper Process"    "Box, Inc."    "c:\program files\box sync\boxsynchelper.exe"
+ "EKIJ5000StatusMonitor"    "Status Monitor for KODAK AiO Printer (64-Bit AMD Athlon™/Opteron™ Build)"    "Eastman Kodak Company"    "c:\windows\system32\spool\drivers\x64\3\ekij5000mui.exe"
X "lxbmmon.exe"    ""    ""    "File not found: C:\Program Files (x86)\Lexmark 4200 Series\lxbmmon.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "avast"    "avast! Antivirus"    "AVAST Software"    "c:\program files\avast software\avast\avastui.exe"
+ "Conime"    ""    ""    "File not found: C:\Windows\system32\conime.exe"
+ "EKStatusMonitor"    "Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)"    "Eastman Kodak Company"    "c:\program files (x86)\kodak\aio\statusmonitor\ekstatusmonitor.exe"
+ "Memeo Instant Backup"    "Memeo Backup Launcher"    "Memeo Inc."    "c:\program files (x86)\memeo\autobackup\memeolauncher2.exe"
+ "QuickTime Task"    "QuickTime Task"    "Apple Inc."    "c:\program files (x86)\quicktime\qttask.exe"
X "QuickTime Task"    "QuickTime Task"    "Apple Inc."    "c:\program files (x86)\quicktime\qttask.exe"
+ "Seagate Dashboard"    "Memeo Dashboard Launcher"    ""    "c:\program files (x86)\seagate\seagate dashboard\memeolauncher.exe"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "TkBellExe"    "RealNetworks Scheduler"    "RealNetworks, Inc."    "c:\program files (x86)\real\realplayer\update\realsched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "Box Sync.lnk"    "Box Sync"    "Box, Inc."    "c:\program files\box sync\boxsync.exe"
"C:\Users\Quad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "Dropbox.lnk"    "Dropbox"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropbox.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
X "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""
X "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "cdloader"    "magicJack (cdloader2)"    "magicJack L.P."    "c:\users\quad\appdata\roaming\mjusbsp\cdloader2.exe"
+ "Dashlane"    ""    ""    "c:\users\quad\appdata\roaming\dashlane\bin\firefox_extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\dashlane.exe"
+ "GoogleDriveSync"    "Google Drive"    "Google"    "c:\program files (x86)\google\drive\googledrivesync.exe"
+ "RoboForm"    "RoboForm TaskBar Icon"    "Siber Systems"    "c:\program files (x86)\siber systems\ai roboform\robotaskbaricon.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
X "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"    ""    ""    ""
+ "Groove GFS Stub Execution Hook"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
X "Groove GFS Stub Execution Hook"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "DropboxExt"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Acronis True Image Shell Extensions"    "Acronis True Image Shell Extensions"    "Acronis"    "c:\program files (x86)\acronis\trueimagehome\tishell64.dll"
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashsha64.dll"
+ "SimpleShlExt"    "EaseUS Todo Backup Application"    "CHENGDU YIWO Tech Development Co.,Ltd"    "c:\program files (x86)\easeus\todo backup\bin\x64\imagesh.dll"
+ "VersionsPageShellExt"    "Versions Page"    "Acronis"    "c:\program files (x86)\acronis\trueimagehome\x64\versions_page.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"
+ "TzShell"    "TUGZip shell extension."    ""    "c:\program files (x86)\tugzip\tzshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
X "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers"    ""    ""    ""
+ "VersionsPageShellExt Class"    "Versions Page"    "Acronis"    "c:\program files (x86)\acronis\trueimagehome\x64\versions_page.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashsha64.dll"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
X "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "DropboxExt"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "SimpleShlExt"    "EaseUS Todo Backup Application"    "CHENGDU YIWO Tech Development Co.,Ltd"    "c:\program files (x86)\easeus\todo backup\bin\x64\imagesh.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
X "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "DropboxExt"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext"    ""    "NVIDIA Corporation"    "c:\windows\system32\nvshext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
X "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Acronis True Image Shell Extensions"    "Acronis True Image Shell Extensions"    "Acronis"    "c:\program files (x86)\acronis\trueimagehome\tishell64.dll"
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashsha64.dll"
+ "Create ISO Image from directory"    "ISO Recorder"    "Alex Feinman"    "c:\program files\alex feinman\iso recorder\isorecorder.dll"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "VersionsPageShellExt"    "Versions Page"    "Acronis"    "c:\program files (x86)\acronis\trueimagehome\x64\versions_page.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"
+ "TzShell"    "TUGZip shell extension."    ""    "c:\program files (x86)\tugzip\tzshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
X "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""
+ "TzShell"    "TUGZip shell extension."    ""    "c:\program files (x86)\tugzip\tzshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers"    ""    ""    ""
+ "VersionsPageShellExt Class"    "Versions Page"    "Acronis"    "c:\program files (x86)\acronis\trueimagehome\x64\versions_page.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashsha64.dll"
+ "Acronis True Image Shell Extensions"    "Acronis True Image Shell Extensions"    "Acronis"    "c:\program files (x86)\acronis\trueimagehome\tishell64.dll"
+ "Acronis True Image Shell Extensions"    "Acronis True Image Shell Extensions"    "Acronis"    "c:\program files (x86)\acronis\trueimagehome\tishell64.dll"
+ "Acronis True Image Shell Extensions"    "Acronis True Image Shell Extensions"    "Acronis"    "c:\program files (x86)\acronis\trueimagehome\tishell64.dll"
+ "DropboxExt1"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt2"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt3"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt4"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "GDriveBlacklistedOverlay"    "Google Drive shell extension"    "Google"    "c:\program files (x86)\google\drive\googledrivesync64.dll"
+ "GDriveSharedOverlay"    "Google Drive shell extension"    "Google"    "c:\program files (x86)\google\drive\googledrivesync64.dll"
+ "GDriveSyncedOverlay"    "Google Drive shell extension"    "Google"    "c:\program files (x86)\google\drive\googledrivesync64.dll"
+ "GDriveSyncingOverlay"    "Google Drive shell extension"    "Google"    "c:\program files (x86)\google\drive\googledrivesync64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "DropboxExt1"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt2"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt3"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\quad\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "avast! WebRep"    "avast! WebRep Plugin"    "AVAST Software"    "c:\program files\avast software\avast\aswwebrepie64.dll"
+ "RoboForm Toolbar Helper"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform-x64.dll"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep"    "avast! WebRep Plugin"    "AVAST Software"    "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Dashlane BHO"    "Dashlane Dll"    "Dashlane"    "c:\users\quad\appdata\roaming\dashlane\bin\dashlanei.dll"
+ "Groove GFS Browser Helper"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Microsoft Live Search Toolbar Helper"    "MSN® Shell Extender"    "Microsoft Corp."    "c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll"
+ "RealNetworks Download and Record Plugin for Internet Explorer"    "RealPlayer Download and Record Plugin"    "RealDownloader"    "c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll"
+ "RoboForm Toolbar Helper"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform.dll"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Messenger Companion Helper"    "Windows Live Messenger Companion Core"    "Microsoft Corporation"    "c:\program files (x86)\windows live\companion\companioncore.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "&RoboForm Toolbar"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform-x64.dll"
+ "avast! WebRep"    "avast! WebRep Plugin"    "AVAST Software"    "c:\program files\avast software\avast\aswwebrepie64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "&RoboForm Toolbar"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform.dll"
+ "avast! WebRep"    "avast! WebRep Plugin"    "AVAST Software"    "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Dashlane Toolbar"    "Dashlane Toolbar"    "Dashlane"    "c:\users\quad\appdata\roaming\dashlane\bin\kwiebar.dll"
+ "Microsoft Live Search Toolbar"    "MSN® Shell Extender"    "Microsoft Corp."    "c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "Fill Forms"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform-x64.dll"
+ "Password Generator"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform-x64.dll"
+ "Save Forms"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform-x64.dll"
+ "Show RoboForm Toolbar"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform-x64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "&Blog This in Windows Live Writer"    "Windows Live Writer Blog This Extension"    "Microsoft Corporation"    "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Dashlane Button"    "Dashlane Dll"    "Dashlane"    "c:\users\quad\appdata\roaming\dashlane\bin\dashlanei.dll"
+ "Fill Forms"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform.dll"
+ "Messenger Companion (Ctrl+Shift+C)"    "Windows Live Messenger Companion Core"    "Microsoft Corporation"    "c:\program files (x86)\windows live\companion\companioncore.dll"
+ "Password Generator"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform.dll"
+ "S&end to OneNote"    "Microsoft Office OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
+ "Save Forms"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform.dll"
+ "Show RoboForm Toolbar"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files (x86)\siber systems\ai roboform\roboform.dll"
"Task Scheduler"    ""    ""    ""
+ "\CCleanerSkipUAC"    "CCleaner"    "Piriform Ltd"    "c:\program files (x86)\ccleaner\ccleaner.exe"
X "\CLMLSvc"    "CyberLink MediaLibray Service"    "CyberLink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe"
X "\DVDAgent"    ""    ""    "File not found: c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
X "\ExtendedServicePlan"    "ESAdvRemIntegrator"    ""    "c:\program files (x86)\hewlett-packard\hp setup\remengine.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1618201085-775815729-2340261751-1000Core"    "Google Installer"    "Google Inc."    "c:\users\quad\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1618201085-775815729-2340261751-1000UA"    "Google Installer"    "Google Inc."    "c:\users\quad\appdata\local\google\update\googleupdate.exe"
+ "\HPCeeScheduleForQuad"    "HP Ceement"    "Hewlett-Packard"    "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe"
+ "\Installation App Launcher"    ""    ""    "File not found: C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe -register"
+ "\Microsoft\Windows Defender\MP Scheduled Scan"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task"    "Windows Live Social Object Extractor Engine"    "Microsoft Corporation"    "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"
X "\PCDRScheduledMaintenance"    "Hardware Diagnostic Tools"    "PC-Doctor, Inc."    "c:\program files\pc-doctor for windows\pcdrcui.exe"
X "\PCDRScheduledMaintenance-Delay"    "Hardware Diagnostic Tools"    "PC-Doctor, Inc."    "c:\program files\pc-doctor for windows\pcdrcui.exe"
+ "\RealDownloaderDownloaderScheduledTaskS-1-5-21-1618201085-775815729-2340261751-1000"    "RealDownloader"    "RealNetworks, Inc."    "c:\program files (x86)\realnetworks\realdownloader\recordingmanager.exe"
+ "\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1618201085-775815729-2340261751-1000"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files (x86)\realnetworks\realdownloader\realupgrade.exe"
+ "\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1618201085-775815729-2340261751-1000"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files (x86)\realnetworks\realdownloader\realupgrade.exe"
+ "\RealPlayerRealUpgradeLogonTaskS-1-5-21-1618201085-775815729-2340261751-1000"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1618201085-775815729-2340261751-1000"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files (x86)\real\realupgrade\realupgrade.exe"
X "\RealUpgradeLogonTaskS-1-5-21-1618201085-775815729-2340261751-1000"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files (x86)\real\realupgrade\realupgrade.exe"
X "\RealUpgradeScheduledTaskS-1-5-21-1618201085-775815729-2340261751-1000"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\Run RoboForm Process"    "RoboForm TaskBar Icon"    "Siber Systems"    "c:\program files (x86)\siber systems\ai roboform\robotaskbaricon.exe"
+ "\Run RoboForm TaskBar Icon"    "RoboForm TaskBar Icon"    "Siber Systems"    "c:\program files (x86)\siber systems\ai roboform\robotaskbaricon.exe"
X "\ServicePlan"    "ESAdvRemIntegrator"    ""    "c:\program files (x86)\hewlett-packard\hp setup\remengine.exe"
+ "\SidebarExecute"    "Windows Desktop Gadgets"    "Microsoft Corporation"    "c:\program files\windows sidebar\sidebar.exe"
X "\{029F0DA7-ED3A-4FD7-B157-A1E3C4E7B39C}"    ""    ""    "File not found: C:\Users\Quad\Desktop\Lotus\INSTALL.EXE"
X "\{110392C6-7816-4536-A755-4091CB14A6F0}"    ""    ""    "File not found: E:\INSTALL.EXE"
X "\{1B770371-3368-46BD-A10C-BDF0AA8A8789}"    ""    ""    "File not found: C:\Users\Quad\Desktop\Lotus\INSTALL.EXE"
X "\{2C44206E-BE40-493F-A569-569E308DDB90}"    ""    ""    "File not found: C:\Users\Quad\Desktop\20070813082717640_Samsung_USB_Driver_Installer.exe"
X "\{33CEC5E9-0C93-461B-B4FA-6D0F8EC2EF5F}"    ""    ""    "File not found: C:\Users\Quad\Desktop\20070813082717640_Samsung_USB_Driver_Installer.exe"
X "\{69EE712F-40B4-48A7-95FE-7F6A62CFECC1}"    ""    ""    "File not found: C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe"
X "\{7AB6F7AE-5CCE-432B-A820-D69A0D8F512E}"    ""    ""    "File not found: C:\Users\Quad\Desktop\Lotus\INSTALL.EXE"
+ "\{81B7BABB-E2EC-4D82-A034-6588A9BF6400}"    ""    ""    "File not found: C:\Users\Quad\Desktop\zpwinconsole108\SETUP.EXE"
X "\{9AAD470A-595F-4E92-B601-5D674754B535}"    ""    ""    "File not found: C:\Users\Quad\Desktop\Lotus\INSTALL.EXE"
+ "\{A1A471B1-3C47-4C24-B9B3-DE78AD623BC3}"    ""    ""    "File not found: E:\INSTALL.EXE"
X "\{C0CE9F1D-9820-49FB-A479-A8B94CE8CA1A}"    ""    ""    "File not found: E:\INSTALL.EXE"
X "\{F29BCB35-4D5D-4FAD-87E0-493582006916}"    ""    ""    "File not found: E:\INSTALL.EXE"
X "\{F3A704B1-AB3B-4F07-A27D-A247896668CE}"    ""    ""    "File not found: C:\Users\Quad\Desktop\Lotus\INSTALL.EXE"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AcrSch2Svc"    "Provides scheduling for Acronis components' tasks."    "Acronis"    "c:\program files (x86)\common files\acronis\schedule2\schedul2.exe"
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "afcdpsrv"    "Provides nonstop backup for partitions of the computer."    "Acronis"    "c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe"
+ "avast! Antivirus"    "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler."    "AVAST Software"    "c:\program files\avast software\avast\avastsvc.exe"
+ "EaseUS Agent"    "Provides service to backup files and image disks."    "CHENGDU YIWO Tech Development Co., Ltd"    "c:\program files (x86)\easeus\todo backup\bin\agent.exe"
+ "fsssvc"    "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work."    "Microsoft Corporation"    "c:\program files (x86)\windows live\family safety\fsssvc.exe"
+ "Guard Agent"    "Monitor EaseUS Todo Backup agent."    "CHENGDU YIWO Tech Development Co., Ltd"    "c:\program files (x86)\easeus\todo backup\bin\guardagent.exe"
+ "Kodak AiO Network Discovery Service"    "Kodak mDNS Network Discovery Service"    "Eastman Kodak Company"    "c:\program files (x86)\kodak\aio\center\ekaiohostservice.exe"
+ "Kodak AiO Status Monitor Service"    "Kodak Status Monitor SDK Service"    "Eastman Kodak Company"    "c:\program files (x86)\kodak\aio\statusmonitor\ekprintersdk.exe"
+ "KSS"    "Scans computer for viruses and vulnerabilities."    "Kaspersky Lab ZAO"    "c:\program files (x86)\kaspersky lab\kaspersky security scan 2.0\kss.exe"
+ "MemeoBackgroundService"    "Manages background tasks for Memeo applications."    "Memeo"    "c:\program files (x86)\memeo\autobackup\memeobackgroundservice.exe"
+ "Microsoft Office Groove Audit Service"    "Groove Audit Service"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "odserv"    "Run portions of Microsoft Office Diagnostics."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "RealNetworks Downloader Resolver Service"    "Manage different Downloader versions in RealNetworks' products."    ""    "c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe"
+ "SBSDWSCService"    "Spybot-S&D Security Center integration"    "Safer Networking Ltd."    "c:\program files (x86)\spybot - search & destroy\sdwinsec.exe"
+ "SeagateDashboardService"    "Dashboard for Memeo applications"    "Memeo"    "c:\program files (x86)\seagate\seagate dashboard\seagatedashboardservice.exe"
+ "Secunia PSI Agent"    "Performs routine software inspections of the system, the results of which can be seen in your Secunia PSI"    "Secunia"    "c:\program files (x86)\secunia\psi\psia.exe"
+ "Secunia Update Agent"    "Performs routine updates of selected software on the system, the results of which can be seen in your Secunia PSI"    "Secunia"    "c:\program files (x86)\secunia\psi\sua.exe"
+ "SkypeUpdate"    "Enables the detection, download and installation of updates for Skype."    "Skype Technologies"    "c:\program files (x86)\skype\updater\updater.exe"
+ "syncagentsrv"    "Acronis Sync Agent Service"    "Acronis"    "c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe"
+ "TeamViewer7"    "TeamViewer Remote Software"    "TeamViewer GmbH"    "c:\program files (x86)\teamviewer\version7\teamviewer_service.exe"
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc"    "Enables Windows Live ID authentication."    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"
+ "afcdp"    "Acronis File Level CDP Helper"    "Acronis"    "c:\windows\system32\drivers\afcdp.sys"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"
+ "andnetadb"    "ADB Interface"    "Google Inc"    "c:\windows\system32\drivers\lgandnetadb.sys"
+ "AndNetDiag"    "LGE AndroidNet USB Serial Port"    "LG Electronics Inc."    "c:\windows\system32\drivers\lgandnetdiag64.sys"
+ "ANDNetModem"    "LGE AndroidNet Mobile Support"    "LG Electronics Inc."    "c:\windows\system32\drivers\lgandnetmodem64.sys"
+ "andnetndis"    "LGE AndroidNet USB NDIS Miniport Driver"    "LG Electronics Inc."    "c:\windows\system32\drivers\lgandnetndis64.sys"
+ "androidusb"    "ADB Interface"    "Google Inc"    "c:\windows\system32\drivers\ssadadb.sys"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"
+ "aswFsBlk"    "avast! mini-filter driver (aswFsBlk)"    "AVAST Software"    "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMonFlt"    "avast! mini-filter driver (aswMonFlt)"    "AVAST Software"    "c:\windows\system32\drivers\aswmonflt.sys"
+ "aswRdr"    "avast! WFP Redirect driver"    "AVAST Software"    "c:\windows\system32\drivers\aswrdr2.sys"
+ "aswRvrt"    "avast! Revert"    ""    "c:\windows\system32\drivers\aswrvrt.sys"
+ "aswSnx"    "avast! virtualization driver (aswSnx)"    "AVAST Software"    "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP"    "avast! Self Protection"    "AVAST Software"    "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi"    "avast! Network Shield TDI driver"    "AVAST Software"    "c:\windows\system32\drivers\aswtdi.sys"
+ "aswVmm"    "avast! VM Monitor"    ""    "c:\windows\system32\drivers\aswvmm.sys"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"
+ "EUBAKUP"    "Disk Backup Driver"    "CHENGDU YIWO Tech Development Co., Ltd"    "c:\windows\system32\drivers\eubakup.sys"
+ "EUBKMON"    ""    ""    "c:\windows\system32\drivers\eubkmon.sys"
+ "EUDSKACS"    "Disk Access Driver"    "CHENGDU YIWO Tech Development Co., Ltd"    "c:\windows\system32\drivers\eudskacs.sys"
+ "EUFDDISK"    "Disk Backup Image Preview Driver"    "CHENGDU YIWO Tech Development Co., Ltd"    "c:\windows\system32\drivers\eufddisk.sys"
+ "fltsrv"    "Acronis Storage Filter Management Driver"    "Acronis"    "c:\windows\system32\drivers\fltsrv.sys"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"
+ "HWiNFO32"    "HWiNFO AMD64 Kernel Driver"    "REALiX™"    "c:\windows\system32\drivers\hwinfo64a.sys"
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhd64.sys"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"
+ "nvlddmkm"    "NVIDIA Windows Kernel Mode Driver, Version 186.40 "    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvlddmkm.sys"
+ "NVNET"    "NVIDIA MCP Networking Function Driver."    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvmf6264.sys"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"
+ "nvsmu"    "NVIDIA nForce™ SMU Microcontroller Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvsmu.sys"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"
+ "nvstor64"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor64.sys"
+ "PAEAFLT.sys"    "Filter Driver"    "PixArt Imaging Incorporation"    "c:\windows\system32\drivers\paeaflt.sys"
+ "pccsmcfd"    ""    ""    "File not found: system32\DRIVERS\pccsmcfdx64.sys"
+ "PSI"    "PSI mini-filter driver"    "Secunia"    "c:\windows\system32\drivers\psi_mf.sys"
+ "PSSDK42"    "PSSDK Driver Protocol v4.2 64bit"    "microOLAP Technologies LTD"    "c:\windows\system32\drivers\pssdk42.sys"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"
+ "smhwdev"    "USB Modem/Serial Device Driver"    "Huawei Technologies Co., Ltd."    "c:\windows\system32\drivers\smhwdev.sys"
+ "smhwser"    "USB Modem/Serial Device Driver"    "QUALCOMM Incorporated"    "c:\windows\system32\drivers\smhwser.sys"
+ "snapman"    "Acronis Snapshot API"    "Acronis"    "c:\windows\system32\drivers\snapman.sys"
+ "SPC230NC"    "SPC230NC"    "PixArt Imaging Inc."    "c:\windows\system32\drivers\spc230nc.sys"
+ "ss_bus"    "SAMSUNG Mobile USB Device 1.0 Driver"    "MCCI Corporation"    "c:\windows\system32\drivers\ss_bus.sys"
+ "ss_mdfl"    "SAMSUNG Mobile USB Modem 1.0 Filter"    "MCCI Corporation"    "c:\windows\system32\drivers\ss_mdfl.sys"
+ "ss_mdm"    "SAMSUNG Mobile USB Modem 1.0 Drivers"    "MCCI Corporation"    "c:\windows\system32\drivers\ss_mdm.sys"
+ "ssadbus"    "SAMSUNG Android USB Composite Device Driver"    "MCCI Corporation"    "c:\windows\system32\drivers\ssadbus.sys"
+ "ssadmdfl"    "SAMSUNG Android USB Modem (Filter)"    "MCCI Corporation"    "c:\windows\system32\drivers\ssadmdfl.sys"
+ "ssadmdm"    "SAMSUNG Android USB Modem Drivers"    "MCCI Corporation"    "c:\windows\system32\drivers\ssadmdm.sys"
+ "ssadserd"    "SAMSUNG Android USB Diagnostic Serial Port (WDM)"    "MCCI Corporation"    "c:\windows\system32\drivers\ssadserd.sys"
+ "sscdbus"    "SAMSUNG USB Composite Device Driver"    "MCCI Corporation"    "c:\windows\system32\drivers\sscdbus.sys"
+ "sscdmdfl"    "SAMSUNG Mobile Modem Filter"    "MCCI Corporation"    "c:\windows\system32\drivers\sscdmdfl.sys"
+ "sscdmdm"    "SAMSUNG Mobile Modem Drivers"    "MCCI Corporation"    "c:\windows\system32\drivers\sscdmdm.sys"
+ "StarOpen"    ""    ""    "File not found: C:\Windows\System32\Drivers\StarOpen.sys"
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"
+ "Synth3dVsc"    ""    ""    "File not found: System32\drivers\synth3dvsc.sys"
+ "tdrpman"    "Acronis Try&Decide Volume Filter Driver"    "Acronis"    "c:\windows\system32\drivers\tdrpman.sys"
+ "TFsExDisk"    "TFsExDisk"    "Teruten Inc"    "c:\windows\system32\drivers\tfsexdisk.sys"
+ "timounter"    "Acronis Backup Archive Explorer"    "Acronis"    "c:\windows\system32\drivers\timntr.sys"
+ "tsusbhub"    "@%SystemRoot%\system32\drivers\tsusbhub.sys,-2"    ""    "File not found: system32\drivers\tsusbhub.sys"
+ "USBAAPL64"    "Apple Mobile Device USB Driver"    "Apple, Inc."    "c:\windows\system32\drivers\usbaapl64.sys"
+ "UsbFltr"    "Ortek USB Keypad Driver"    "Waytech Development, Inc."    "c:\windows\system32\drivers\usbfltr.sys"
+ "VGPU"    ""    ""    "File not found: System32\drivers\rdvgkmd.sys"
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"
+ "vididr"    "Virtual Disk Driver Service"    "Acronis"    "c:\windows\system32\drivers\vididr.sys"
+ "vidsflt67"    "Acronis Virtual Disk Storage Filter"    "Acronis"    "c:\windows\system32\drivers\vsflt67.sys"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"
+ "WDC_SAM"    "Manages WD external storage products."    "Western Digital Technologies"    "c:\windows\system32\drivers\wdcsam64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"
+ "msacm.l3codecp"    "MPEG Audio Layer-3 Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codecp.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"
+ "vidc.XVID"    ""    ""    "c:\windows\syswow64\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "MS PR Source Filter"    "PlayReady DirectShow Source Filter DLL"    "Microsoft Corporation"    "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper"    "PlayReady DirectShow DMO Wrapper Filter DLL"    "Microsoft Corporation"    "c:\program files\playready\prdmowrapper.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "Audio Destination"    "WAVDest Filter (Sample)"    "Microsoft Corporation"    "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "Capture File Writer"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CL Dvb Subtitle Decoder"    "CLDvbSub"    "CyberLink_DE"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrdvbsub.ax"
+ "CL_EVRWindow"    "CLEvr"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrevr.dll"
+ "CyberLink Audio Decoder (HP)"    "CyberLink Audio Decoder Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\claud.ax"
+ "CyberLink Audio Decoder (HP)"    "CyberLink Audio Decoder Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\claud.ax"
+ "CyberLink Audio Effect"    "CyberLink Audio Effect Filter"    "CyberLink Corporation"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmraudfx.ax"
+ "CyberLink Audio Effect (HP)"    "CyberLink Audio Effect Filter"    "CyberLink Corporation"    "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\claudfx.ax"
+ "CyberLink Audio Noise Reduction"    "CLAuNR"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmraunrwrapper.ax"
+ "CyberLink Audio Noise Reduction"    "CLAuNR"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler"    "CLAuRsmpl.ax"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer (HP)"    "CLAudSpa.ax"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\claudspa.ax"
+ "CyberLink Audio VolumeBooster"    "CyberLink Audio Volume Booster Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter"    "CyberLink AudioCD Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax"
+ "CyberLink AudioCD Filter (HP)"    "CyberLink AudioCD Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\claudiocd.ax"
+ "CyberLink Demultiplexer"    "MPEG-2 Dempltiplexer"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrdemuxer.ax"
+ "CyberLink Demultiplexer (HP)"    "MPEG-2 Dempltiplexer"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\cldemuxer.ax"
+ "Cyberlink Dump Dispatch Filter"    "Cyberlink File Dump Dispatch Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter"    "Cyberlink File Dump Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gdump.ax"
+ "CyberLink DVD Navigator (HP)"    "CyberLink DVD Navigation Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clnavx.ax"
+ "CyberLink DVD Navigator (HP)"    "CyberLink DVD Navigation Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\clnavx.ax"
+ "CyberLink Editing Service 3.0 (Source)"    "CES Kernel"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gedtkrn.dll"
+ "CyberLink EPG Decoder"    "EPGDec"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrepgdec.ax"
+ "CyberLink File Map Sink"    "CyberLink File Map Sink"    "Cyberlink Corporation."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrfmsnk.ax"
+ "CyberLink File Map Source"    "CyberLink File Map Source"    "CyberLink File Map Source"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrfmsrc.ax"
+ "Cyberlink File Reader (Async.)"    "Cyberlink MPEG File Reader"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2greader.ax"
+ "CyberLink Line21 Decoder Filter (HP)"    "CyberLink Line21 Decoder Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\clline21.ax"
+ "CyberLink Line21 Decoder Filter (HP)"    "CyberLink Line21 Decoder Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clline21.ax"
+ "CyberLink Load Image Filter"    "CLImage"    "CyberLink"    "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer"    "CLM2VWriter"    "CyberLink"    "c:\program files (x86)\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3 Wrapper-PCM"    "CyberLink MP3 Wrapper"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrmp3wrap.ax"
+ "CyberLink MP3/WAV Wrapper"    "CyberLink MP3 Wrapper"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer"    "MpgMux"    "CyberLink"    "c:\program files (x86)\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Splitter"    "CyberLink MPEG Splitter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clsplter.ax"
+ "CyberLink MPEG Video Encoder"    "CyberLink MPEG Video Encoder                               "    "CyberLink Corp.                                            "    "c:\program files (x86)\cyberlink\power2go\p2gvidenc.ax"
+ "CyberLink MPEG Video Encoder"    "CyberLink MPEG Video Encoder                               "    "CyberLink Corp.                                            "    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrmpgvenc.ax"
+ "CyberLink MPEG-1 Splitter"    "CyberLink MPEG Splitter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter"    "CyberLink MPEG Splitter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink MPEGV Analyzer"    "CLMPEGAnalysis"    "CyberLink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrmpegvanalyzer.ax"
+ "CyberLink PCM Wrapper"    "CyberLink PCM Wrapper"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax"
+ "CyberLink Pipe Switch"    "CyberLink Pipe Switch"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrpipswch.ax"
+ "CyberLink PTS Regulator"    "CyberLink PTS Regulator "    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmptsreg.ax"
+ "CyberLink SBE Filter"    "CLSBE"    "CyberLink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrsbe.ax"
+ "CyberLink SBE Source Filter"    "CLSBESrc"    "CyberLink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrsbesrc.ax"
+ "Cyberlink SubTitle Importor (HP)"    "CLSubTitle.ax"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clsubtitle.ax"
+ "Cyberlink SubTitle(HP)"    "CLSubTitle.ax"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\clsubtitle.ax"
+ "CyberLink Teletext Decoder Filter"    "Teletext Renderer Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrttxdec.ax"
+ "CyberLink TimeStretch Filter"    "CLAuTS.ax"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrauts.ax"
+ "CyberLink TimeStretch Filter (CES)"    "CLAuTS.ax"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gauts.ax"
+ "CyberLink TimeStretch Filter (HP)"    "CLAuTS.ax"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clauts.ax"
+ "CyberLink TL MPEG Splitter"    "CyberLink MPEG Splitter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gtlmsplter.ax"
+ "Cyberlink TS Filter Filter"    "TSFF"    "Cyberlink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrtsff.ax"
+ "Cyberlink TS Information"    "CLTSInfo"    "Cyberlink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrtsinfo.ax"
+ "CyberLink Tzan Filter (HP)"    "Cyberlink Tzan Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\cltzan.ax"
+ "CyberLink Video Effect"    "CLVidFx"    "CyberLink"    "c:\program files (x86)\cyberlink\power2go\p2gvidfx.ax"
+ "CyberLink Video Effect (HP)"    "CLVidFx"    "CyberLink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clvidfx.ax"
+ "CyberLink Video Regulator"    "CLRGL"    "Cyberlink"    "c:\program files (x86)\cyberlink\power2go\p2grgl.ax"
+ "CyberLink Video Stabilizer"    "CLVideoDeShaking"    "CyberLink"    "c:\program files (x86)\cyberlink\power2go\p2gvideostabilizer.ax"
+ "CyberLink Video/SP Decoder (HP)"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clvsd.ax"
+ "CyberLink Video/SP Decoder (HP)"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\clvsd.ax"
+ "CyberLink Volume Meter"    "CLVolumeMeter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\hpvolumemeter.ax"
+ "CyberLink WMV Dumper(HP)"    "CLWMVDum Dynamic Link Library"    ""    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmwmvdump.ax"
+ "MSDVD Audio Wizard (HP)"    "CyberLink Audio Wizard Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\claudwizard.ax"
+ "P2G Audio Decoder"    "CyberLink Audio Decoder Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder"    "CyberLink Audio Encoder Filter"    "Cyberlink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax"
+ "P2G Video Decoder"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gvsd.ax"
+ "P2G Video Regulator"    "CyberLink Video Regulator"    "CyberLink"    "c:\program files (x86)\cyberlink\power2go\p2gresample.ax"
+ "PCM Audio Decoder"    "CyberLink Audio Decoder Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmraud.ax"
+ "PCM Audio Encoder"    "CyberLink Audio Encoder Filter"    "Cyberlink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmraudenc.ax"
+ "PCM Audio Resampler"    "CLAuRsmpl.ax"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmraursmpl.ax"
+ "PCM Dump Filter"    "Cyberlink File Dump Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrdump.ax"
+ "PCM MPEG Muxer"    "MpgMux"    "CyberLink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrmpgmux.ax"
+ "PCM MPEG Splitter"    "PCM MPEG Splitter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrm2splter.ax"
+ "PCM MPEG Video Encoder"    "CyberLink MPEG Video Encoder                               "    "CyberLink Corp.                                            "    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrmpgvenc2.ax"
+ "PCM RTP Source Filter"    "RTP Source Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrrtpsrc.ax"
+ "PCM SnapShotTIP Filter"    "CLSShot"    "CyberLink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrsshot.ax"
+ "PCM Video Effect"    "CLVidFx"    "CyberLink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrvidfx.ax"
+ "PCM Video Regulator"    "CyberLink Video Regulator"    "CyberLink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrresample.ax"
+ "PCM Video/SP Decoder"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrvsd.ax"
+ "RealPlayer Audio Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Mp3 Transform Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer MPEG4 Transform Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "Record Queue"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Time Regulator"    "TimeRegulator"    "cyberlink"    "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmravi_audtr.ax"
+ "WM VIH2 Fix"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Xvid MPEG-4 Video Decoder"    ""    ""    "c:\windows\syswow64\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"    ""    ""    ""
+ "WLIDCredentialProvider"    "Microsoft® Windows Live ID Credential Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64"    ""    ""    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""
+ "4200 Series Port"    "Printer Communication System"    " "    "c:\windows\system32\lxbmlmpm.dll"
+ "CutePDF Writer Monitor"    ""    ""    "c:\windows\system32\cpwmon64.dll"
+ "Fax Lexmark 5600-6600 Series Port"    ""    ""    "c:\windows\system32\lxdupmon.dll"
+ "KODAK EASYSHARE All-in-One Printer"    "Language Monitor for KODAK AiO Printer (64-Bit AMD Athlon™/Opteron™ Build)"    "Eastman Kodak Company"    "c:\windows\system32\ekij5000mon.dll"
+ "PCL hpz3lwn7"    "LanguageMonitor"    "Hewlett-Packard Company"    "c:\windows\system32\hpz3lwn7.dll"
+ "SUGO3 Langmon"    "Language Monitor for Status Monitor"    ""    "c:\windows\system32\sugo3l6.dll"


#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 AM

Posted 02 March 2013 - 07:47 PM

Restart the PC and let me know if you have any more issues



#14 DiverMike

DiverMike
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 March 2013 - 08:13 PM

All 3 browsers back to normal :bananas: :bananas: :bananas: :bananas: :bananas: .  Thank you very very much.  Now it's time to scan my backed up data.. and after going through all this, Time to record the programs I still use and reload this PC, hasn't been reloaded since I got it in 2010 :>).

 

Again, thank you for all your help narexp.



#15 DiverMike

DiverMike
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 March 2013 - 08:14 PM

My apologies, just caught that I had your name incorrect, narenxp. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users