Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow computer, IE closes unexpectedly, no viruses found with scans performed


  • Please log in to reply
26 replies to this topic

#1 Sunshine8

Sunshine8

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 04 March 2013 - 03:47 PM

Hello,

I have been having difficulty for awhile (months). My computer started running slow and I was getting pop up ads. About 5 months ago the pop ups stopped (a friend deleted some program he found) but other symptoms persisted. I will note some details on my system, what is happening and what I have tried doing. Let me preface this by saying I am essentially a novice. I use my computer daily but have little understanding of the inner workings of such things which is why I selected Bleeping Computer to come to for help because all of the forum posts I read were so helpful. I have searched through many of the forums for symptoms similar to mine but none seem to match quite right.

I have a Lenovo computer, AMD Athlon Processor 1640B  2.70GHz, 2.00 GB RAM, 32-bit operating system, running Windows Vista Home Premium Copyright 2007.

 

Symptoms: Overall slow operations. Both online and even within my own programs like opening a file or searching documents. I do run a few things simultaneously but I didn't think it was a lot. I will typically have 2 or 3 internet explorer tabs open, one or two with email and a third for searching online with google etc. I may also have one or two word or excel documents open. I don't play games or use photoshop type of programs, just basic websites and simple files. Often when I click to open a Microsoft Word (or Excel)document Word will open but I will get an error message and the document itself won't open. This is easily remedied by clicking on the file again, but it doesn't seem normal. This does not happen every time and I apologize but I didn't write down the exact error message last time and I can't get it to happen right now. I will make note of it next time it happens. Recently, any and all internet explorer tabs that are open will freeze up and/or close unexpectedly. I can open again but disrupts work and causes delays. CPU usage varies greatly and may spike from 25% to 80's or 90's or even 100%, this can happen when I don't even have anything running except a single ie tab and task manager itself.

I have tried running Norton spyware and virus scans (multiple times, never any results). I have panned through the processes running on task manager as well as going through entire list of programs to see if I could find anything 'odd' but with my beginner knowledge I don't know what I am looking for.

 

I am thinking perhaps I have some sort of virus, though if I do it doesn't seem agressive just irksome. I also thought perhaps I just need more memory (but I couldn't figure out how this would relate to the Word doc error or shutting down of explorer.)

I don't really know what this information means but I will include info from my task manager performance tab should my issue be memory related:

Physical memory (MB) Total: 2046, Cached: 841, Free: 21 (this last number fluctuates)

Kernel Memory (MB) Total: 345, Paged: 280, Nonpaged: 64

System: Handles: 53478, Threads: 1336, Processes: 127, Up Time: 106:30:10, Page File: 3048M/4331M

Processes: 127, CPU usage: spiking from 7% to 100% during the time I am typing this, Physical Memory: 72%

 

I know this is wordy but I am trying to include all information that might be useful.

Thank you to anyone who took the time to read through this and I'll look forward to hearing from anyone who may have some helpful information.

Cheers!

 



BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 04 March 2013 - 09:36 PM

    

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules  and Detect TDLFS file systemDo not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#3 Sunshine8

Sunshine8
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 06 March 2013 - 01:39 PM

Hello narenxp. First, thank you for your time.
 
 
I have done the three things you directed me to do. I tried to copy the TDSSKiller log file (there were actually 2 in the file) but it was so long the post was rejected. Instead I just included the last few lines which seemed to indicate all was well. The aswMBR file is also copied in here but I could not open the MBR.dat file and when I tried to use an online download to open it I ended up with a bunch of things that kept rerouting my default search engine... it was called FreFileViewer... and I uninstalled it right away. I will try to find a way to open and post this info to you. Finally, there is the ESET log at the end. It detected 46 threats (after 14 hours of scanning), all related to the Win32/Toolbar/MyWebSearch application which I discovered was malicious upon researching it and seems to be in line with what my problems are.
 
I know this is only part of the information you requested. I will try to post the TDSSKiller log in a subsequent post (s).
However, since the ESET one is the one that showed the threats was that part successful? Did ESET remove those threats? My computer is still slow and the problem with opening Microsoft files is still occuring.
 
Thank you
Sunshine8
 
TDSSKiller log, last 7 lines09:55:51.0334 4828  C:\Windows\System32\wsqmcons.exe - ok
09:55:51.0350 4828  ============================================================
09:55:51.0350 4828  Scan finished
09:55:51.0350 4828  ============================================================
09:55:51.0365 3828  Detected object count: 0
09:55:51.0365 3828  Actual detected object count: 0
09:57:09.0521 5064  Deinitialize success

 
aswMBR file
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-05 10:05:48
-----------------------------
10:05:48.456 OS Version: Windows 6.0.6002 Service Pack 2
10:05:48.456 Number of processors: 1 586 0x7F02
10:05:48.456 ComputerName: PARKER1 UserName: groom
10:06:46.645 Initialize success
10:09:35.703 AVAST engine defs: 13030500
10:09:41.023 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:09:41.038 Disk 0 Vendor: ST3250310AS 4.CCB Size: 238475MB BusType: 3
10:09:41.069 Disk 0 MBR read successfully
10:09:41.085 Disk 0 MBR scan
10:09:41.101 Disk 0 unknown MBR code
10:09:41.101 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
10:09:41.225 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226972 MB offset 3074048
10:09:41.303 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 467914752
10:09:41.366 Disk 0 scanning sectors +488394752
10:09:41.584 Disk 0 scanning C:\Windows\system32\drivers
10:10:40.786 Service scanning
10:11:34.045 Service MpKsl2b138405 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F75F0FF0-D48A-4477-BC5A-B1251174E0AE}\MpKsl2b138405.sys **LOCKED** 32
10:13:02.451 Modules scanning
10:13:19.954 Disk 0 trace - called modules:
10:13:20.001 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS amdide.sys PCIIDEX.SYS atapi.sys
10:13:20.016 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85df7ac8]
10:13:20.048 3 CLASSPNP.SYS[889ab8b3] -> nt!IofCallDriver -> [0x8568a918]
10:13:20.063 5 acpi.sys[806236bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85676030]
10:13:20.937 AVAST engine scan C:\Windows
10:13:39.205 AVAST engine scan C:\Windows\system32
10:25:45.471 AVAST engine scan C:\Windows\system32\drivers
10:27:00.626 AVAST engine scan C:\Users\groom
10:38:48.193 Disk 0 MBR has been saved successfully to "C:\Users\groom\Documents\MBR.dat"
10:38:48.271 The log file has been saved successfully to "C:\Users\groom\Documents\aswMBR.txt"
 
ESET log
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL a variant of Win32/FunWeb.AA application cleaned by deleting - quarantined
C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL Win32/FunWeb application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL Win32/FunWeb application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3HKSTUB.DLL Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL Win32/FunWeb application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3REGHK.DLL Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE Win32/FunWeb application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL Win32/FunWeb application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3AUXSTB.DLL Win32/Toolbar.MyWebSearch.H application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3DLGHK.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\M3TPINST.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\MWSMLBTN.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\MWSUABTN.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\groom\AppData\LocalLow\MyWebSearch\bar\setups\mwsautSp.exe a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
C:\Windows\Installer\149699be.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Windows\System32\f3PSSavr.scr Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined


#4 Sunshine8

Sunshine8
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 06 March 2013 - 03:14 PM

Hello again,

More issues have just recently occured.

The first is that everytime I try to click on a link from an email or open up multiple email folders (which I could do with my gmail) I get the following error  "The instruction at 0x76a1fc16 references memory at 0x00000000. The memory could not be read. Click OK to terminate the program."  This happens almost every time I try to open internet explorer. It may be happening because of something I did when I uninstalled that FreeFileViewer noted in previous post. They had also put "Yahoo" as my default browser and I deleted it... but maybe I deleted something else too.

 

I also just got a threat warning from my Norton security system that if found "W32.Qakbot" in my email. It deleted it. Is this linked to the "Win32"  virus family I have on my computer? If so it seems very coincidental to the fact that I just ran these scans that detected it.

 

Thanks

Sunshine8



#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 06 March 2013 - 08:07 PM

Malwarebytes

--------------------

Please download and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this .
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tooll by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download [url="http://download.sysinternals.com/files/Autoruns.zip"%5D%5Bb%5D%5Bcolor="#0000FF"]AutoRuns[/color][/b][/url] and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log


 



#6 Sunshine8

Sunshine8
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 07 March 2013 - 03:36 PM

Here are the logs you requested. I should tell you that after I ran the AdwCleaner scan my computer asked me to restart. I did and the log came up. But as soon as I tried to copy the log text and place it in a doc file to save everything locked up. The 'thinking' icon just kept going on and on. I restarted manually, same thing. After a few restarts (and long waits to make sure I wasn't just being impatient) my computer asked me to Launch Startup Repair, which I did. Still there were lock ups. Then next time I restarted in Safe mode. so Junkware, Rkill and Autoruns were all run while computer in safe mode. I don't know if this matters or not (knowing my luck it probably does).

Thanks

And cheers!

Sunshine*

 

Malwarebytes log – run 3-7-2013

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.03.07.10

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

groom :: PARKER1 [administrator]

 

Protection: Enabled

 

3/7/2013 9:12:31 AM

mbam-log-2013-03-07 (09-12-31).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230718

Time elapsed: 29 minute(s), 43 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 10

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

 

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000344&p=RGxdm006YYUS&si=&a=pWaLzvFCmjUrK7qTdwAodg&n=2010042117 -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

MiniToolBox log – run 3-7-2013

MiniToolBox by Farbar  Version:05-03-2013

Ran by groom (administrator) on 07-03-2013 at 09:58:16

Running from "C:\Users\groom\Downloads"

Windows Vista ™ Home Premium Service Pack 2 (X86)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ==============================

 

"network.proxy.no_proxies_on", "*.local"

"network.proxy.type", 0

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

::1             localhost

 

127.0.0.1       localhost

 

========================= IP Configuration: ================================

 

Marvell Yukon 88E8070 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : parker1

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Broadcast

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Marvell Yukon 88E8070 PCI-E Gigabit Ethernet Controller

   Physical Address. . . . . . . . . : 00-1F-D0-4B-53-0D

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2602:30b:826b:28d9:8576:b8c8:d44b:b5a3(Preferred)

   Temporary IPv6 Address. . . . . . : 2602:30b:826b:28d9:4d18:7a0:8cb1:c99a(Preferred)

   Link-local IPv6 Address . . . . . : fe80::8576:b8c8:d44b:b5a3%12(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.1.134(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Wednesday, March 06, 2013 2:40:52 PM

   Lease Expires . . . . . . . . . . : Friday, March 08, 2013 8:07:48 AM

   Default Gateway . . . . . . . . . : fe80::22e5:2aff:fe84:eeee%12

                                       192.168.1.254

   DHCP Server . . . . . . . . . . . : 192.168.1.254

   DHCPv6 IAID . . . . . . . . . . . : 251666384

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-37-78-FC-00-1F-D0-4B-53-0D

   DNS Servers . . . . . . . . . . . : 192.168.1.254

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Local Area Connection* 6:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 02-00-54-55-4E-01

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 7:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : 6TO4 Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 11:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : isatap.{71A400D6-4E1D-4AEC-92CF-818D67F6DFA3}

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  dslrouter

Address:  192.168.1.254

 

Name:    google.com

Addresses:  2607:f8b0:4002:c01::65

                          74.125.137.100

                          74.125.137.101

                          74.125.137.102

                          74.125.137.113

                          74.125.137.138

                          74.125.137.139

 

 

 

Pinging google.com [2607:f8b0:4002:c01::65] from 2602:30b:826b:28d9:4d18:7a0:8cb1:c99a with 32 bytes of data:

 

Reply from 2607:f8b0:4002:c01::65: time=24ms

 

Reply from 2607:f8b0:4002:c01::65: time=23ms

 

 

 

Ping statistics for 2607:f8b0:4002:c01::65:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 23ms, Maximum = 24ms, Average = 23ms

 

Server:  dslrouter

Address:  192.168.1.254

 

Name:    yahoo.com

Addresses:  98.139.183.24

                          206.190.36.45

                          98.138.253.109

 

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

 

Reply from 206.190.36.45: bytes=32 time=176ms TTL=47

 

Reply from 206.190.36.45: bytes=32 time=160ms TTL=47

 

 

 

Ping statistics for 206.190.36.45:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 160ms, Maximum = 176ms, Average = 168ms

 

 

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time=75ms TTL=128

 

Reply from 127.0.0.1: bytes=32 time=16ms TTL=128

 

 

 

Ping statistics for 127.0.0.1:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 16ms, Maximum = 75ms, Average = 45ms

 

===========================================================================

Interface List

 12 ...00 1f d0 4b 53 0d ...... Marvell Yukon 88E8070 PCI-E Gigabit Ethernet Controller

  1 ........................... Software Loopback Interface 1

 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface

 10 ...00 00 00 00 00 00 00 e0  6TO4 Adapter

 13 ...00 00 00 00 00 00 00 e0  isatap.{71A400D6-4E1D-4AEC-92CF-818D67F6DFA3}

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.134     20

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link     192.168.1.134    276

    192.168.1.134  255.255.255.255         On-link     192.168.1.134    276

    192.168.1.255  255.255.255.255         On-link     192.168.1.134    276

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link     192.168.1.134    276

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link     192.168.1.134    276

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 12    276 ::/0                     fe80::22e5:2aff:fe84:eeee

  1    306 ::1/128                  On-link

 12     28 2602:30b:826b:28d9::/64  On-link

 12    276 2602:30b:826b:28d9:4d18:7a0:8cb1:c99a/128

                                    On-link

 12    276 2602:30b:826b:28d9:8576:b8c8:d44b:b5a3/128

                                    On-link

 12    276 fe80::/64                On-link

 12    276 fe80::8576:b8c8:d44b:b5a3/128

                                    On-link

  1    306 ff00::/8                 On-link

 12    276 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)

Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)

Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (03/06/2013 02:41:47 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/06/2013 09:13:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description:

Details:

AddCoreCsiFiles : GetNextFileMapContent() failed.

 

System Error:

Arithmetic result exceeded 32 bits.

 

Error: (03/06/2013 09:13:19 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description:

Details:

AddCoreCsiFiles : GetNextFileMapContent() failed.

 

System Error:

Arithmetic result exceeded 32 bits.

 

Error: (03/05/2013 10:53:32 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/05/2013 09:45:36 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/05/2013 06:01:06 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 16240

 

Error: (03/05/2013 06:01:06 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 16240

 

Error: (03/05/2013 06:01:06 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (03/05/2013 06:01:05 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15054

 

Error: (03/05/2013 06:01:05 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15054

 

 

System errors:

=============

Error: (03/07/2013 09:40:28 AM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (03/07/2013 09:40:24 AM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (03/07/2013 09:40:19 AM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (03/07/2013 09:40:15 AM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (03/07/2013 09:40:07 AM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (03/07/2013 09:40:02 AM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (03/07/2013 09:39:58 AM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (03/07/2013 09:39:53 AM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (03/07/2013 09:39:49 AM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (03/07/2013 09:39:44 AM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 

Microsoft Office Sessions:

=========================

Error: (12/12/2012 03:34:58 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 74301 seconds with 2100 seconds of active time.  This session ended with a crash.

 

Error: (08/21/2012 06:36:52 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (08/09/2012 07:31:26 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (07/30/2012 04:03:30 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (07/25/2012 00:36:14 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (06/25/2012 04:08:53 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 895 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error: (05/21/2012 10:56:00 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6654 seconds with 3060 seconds of active time.  This session ended with a crash.

 

Error: (11/03/2011 03:52:23 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1197 seconds with 720 seconds of active time.  This session ended with a crash.

 

Error: (06/24/2010 02:17:52 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30480 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-03-07 09:29:17.689

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-03-07 09:29:16.160

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-03-07 09:29:14.541

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-03-07 09:29:12.804

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-03-07 09:29:11.283

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-03-07 09:29:09.778

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-03-07 09:29:03.617

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-03-07 09:29:01.954

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-03-07 09:29:00.120

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-03-07 09:28:58.416

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

 

=========================== Installed Programs ============================

 

 Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system (Version: 12.0.6612.1000)

32 Bit HP CIO Components Installer (Version: 7.1.8)

7500_7600_7700_Help (Version: 1.00.0000)

8500A909_eDocs (Version: 1.00.0000)

8500A909_Help (Version: 1.00.0000)

8500A909g (Version: 50.0.165.000)

Access Help (Version: 2.00)

Acrobat.com (Version: 2.0.0)

Acrobat.com (Version: 2.0.0.0)

Adobe AIR (Version: 2.7.0.19480)

Adobe Flash Player 10 Plugin (Version: 10.0.12.36)

Adobe Flash Player 11 ActiveX (Version: 11.6.602.171)

Adobe Reader X (10.1.4) (Version: 10.1.4)

AnswerWorks 5.0 English Runtime (Version: 5.0.7)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

ArcSoft Magic-i Visual Effects 2 (Version: 2.0.11.80)

ArcSoft WebCam Companion 3 (Version: 3.0.8.265)

AT&T Internet Security Wizard 1.5.11 (Version: 1.5.11)

AT&T Self Support Tool

AT&T Toolbar

ATI Catalyst Install Manager (Version: 3.0.699.0)

Avery Template (Version: 2.0.0.0)

Bonjour (Version: 3.0.0.10)

BPD_DSWizards (Version: 1.00.0000)

BPD_HPSU (Version: 1.00.0000)

bpd_scan (Version: 3.00.0000)

BPD_Scan (Version: 3.00.0000)

BPDSoftware (Version: 50.0.165.000)

BPDSoftware (Version: 82.0.173.000)

BPDSoftware_Ini (Version: 1.00.0000)

BufferChm (Version: 120.0.194.000)

Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)

Cartwheel Shopping (Version: 1.2.0.1667)

CCleaner (Version: 3.27)

Client Security - Password Manager (Version: 8.20.0023.00)

CustomerResearchQFolder (Version: 1.00.0000)

D3DX10 (Version: 15.4.2368.0902)

Destinations (Version: 82.0.173.000)

DeviceManagementQFolder (Version: 1.00.0000)

DirectXInstallService (Version: 9.0.2)

DocMgr (Version: 120.0.000.000)

DocProc (Version: 12.0.0.0)

DocProcQFolder (Version: 1.00.0000)

Drag-to-Disc (Version: 9.05)

ESET Online Scanner v3

eSupportQFolder (Version: 1.00.0000)

e-tax 2008

e-tax 2009 (Version: 1.0.0.0)

e-tax 2010 (Version: 1.0.682)

Fast Free Converter (Version: 3.0)

Fax (Version: 82.0.188.000)

File Type Assistant (Version: 2012.11.29)

Free_online_games Toolbar (Version: 6.8.6.0)

GetSavin (Version: 1.1362577818)

Google Chrome (Version: 25.0.1364.152)

Google Earth (Version: 6.1.0.5001)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)

Google Update Helper (Version: 1.3.21.135)

Google Updater (Version: 2.4.1591.6512)

Help Center (Version: 2.00h)

HP Button Manager (Version: 3.2)

HP Customer Participation Program 8.0 (Version: 8.0)

HP Document Manager 2.0 (Version: 2.0)

HP Imaging Device Functions 8.0 (Version: 8.0)

HP OCR Software 8.0 (Version: 8.0)

HP Officejet Pro All-In-One Series (Version: 1.0)

HP Photosmart Essential (Version: 1.12.0.46)

HP Product Assistant (Version: 100.000.001.000)

HP Smart Web Printing (Version: 4.05)

HP Solution Center 8.0 (Version: 8.0)

HP Update (Version: 5.003.001.001)

HP Webcam User's Guide

HPDiagnosticAlert (Version: 1.00.0000)

HPProductAssistant (Version: 82.0.173.000)

HPSSupply (Version: 2.1.3.0000)

iCloud (Version: 2.1.1.3)

Image Transfer

InterVideo Register Manager (Version: 1.0.4.0)

InterVideo WinDVD (Version: 5.0-B11.1268)

Intuit SiteBuilder

iTunes (Version: 11.0.2.26)

Java 7 Update 15 (Version: 7.0.150)

Java Auto Updater (Version: 2.1.9.0)

Java™ 6 Update 11 (Version: 6.0.110)

Java™ 6 Update 7 (Version: 1.6.0.70)

JavaFX 2.1.1 (Version: 2.1.1)

Junk Mail filter update (Version: 15.4.3502.0922)

L7500 (Version: 50.0.165.000)

Lenovo Registration

Lenovo System Toolbox (Version: 5.1.5032.29)

Lenovo Welcome v1.0.24.3

Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)

MarketResearch (Version: 82.0.174.000)

McAfee Security Scan Plus (Version: 2.1.121.2)

Message Center (Version: 2.01d)

Message Center Plus (Version: 2.0.0012.00)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Easy Assist v2 (Version: 8.1.6416.0)

Microsoft Office 2003 Web Components (Version: 11.0.8173.0)

Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)

Microsoft Office Suite Activation Assistant (Version: 2.9)

Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Search Enhancement Pack (Version: 3.0.133.0)

Microsoft Security Client (Version: 4.2.0223.1)

Microsoft Security Essentials (Version: 4.2.223.1)

Microsoft Silverlight (Version: 4.1.10329.0)

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)

Microsoft SQL Server Native Client (Version: 9.00.5000.00)

Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)

Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)

MicroStaff WINASPI

Mouse Suite

MPM (Version: 1.00.0000)

MSVCRT (Version: 15.4.2862.0708)

MSVCSetup (Version: 1.00.0000)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

My Web Search

Network (Version: 120.0.194.000)

Norton Bootable Recovery Tool Wizard (Version: 5.0.0.90)

Norton Internet Security (Version: 19.9.1.14)

NVIDIA Drivers

Officejet Pro 8500 A909 Series (Version: 12.0)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

Personal Ancestral File 5

Product Recovery Disc Burning Utility (Version: 1.0.0028.00)

ProductContext (Version: 50.0.165.000)

Productivity Center Supplement for ThinkCentre (Version: 2.11b)

Quicken 2010 (Version: 19.1.3.19)

QuickTime (Version: 7.73.80.64)

Qwiklinx (Version: 1.4.0.1560)

Realtek High Definition Audio Driver

Registry patch to improve USB device detection on resume from sleep for Windows Vista (Version: 1.01.0000)

Rescue and Recovery (Version: 4.21.0014.00)

ROBLOX Player for groom

Roxio Activation Module (Version: 1.0)

Roxio Central Audio (Version: 3.7.0)

Roxio Central Copy (Version: 3.7.0)

Roxio Central Core (Version: 3.7.0)

Roxio Central Data (Version: 3.7.0)

Roxio Central Tools (Version: 3.7.0)

Roxio Creator Business Edition (Version: 10.1)

Roxio Creator Business Edition (Version: 10.1.177)

Roxio Express Labeler 3 (Version: 3.2.1)

Safari (Version: 5.34.57.2)

Scan (Version: 12.0.0.0)

Segoe UI (Version: 15.4.2271.0615)

Skype Click to Call (Version: 5.9.9216)

Skype™ 5.10 (Version: 5.10.116)

SmartWebPrinting (Version: 120.0.194.000)

SolutionCenter (Version: 82.0.188.000)

Sonic CinePlayer Decoder Pack (Version: 4.3.0)

Sonic Icons for Lenovo (Version: 2.0.0)

Splashtop Streamer (Version: 2.0.0.4)

Spyware Doctor 6.0 (Version: 6.0)

Status (Version: 82.0.173.000)

System Update (Version: 3.14.0020)

ThinkVantage Power Manager (Version: 2.31)

ThinkVantage Productivity Center (Version: 2.21)

ThinkVantage Status Gadget (Version: 1.1.0028)

ThinkVantage Technologies Welcome Message (Version: 1.20)

Toolbox (Version: 120.0.194.000)

Toolbox (Version: 82.0.173.000)

TrayApp (Version: 82.0.188.000)

Tumblebugs (Version: 32.0.0.0)

UnloadSupport (Version: 11.0.0)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Wallpapers

WebEx

WebReg (Version: 120.0.194.000)

Windows Driver Package - Marvell (yukonwlh) Net  (04/29/2008 10.60.6.3) (Version: 04/29/2008 10.60.6.3)

Windows Driver Package - NVIDIA (nvlddmkm) Display  (04/03/2008 7.15.11.7490) (Version: 04/03/2008 7.15.11.7490)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/27/2008 6.0.1.5653) (Version: 06/27/2008 6.0.1.5653)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live Sync (Version: 14.0.8064.206)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Yahoo! Software Update

Yahoo! Toolbar

 

========================= Devices: ================================

 

Name: Microsoft PS/2 Mouse

Description: Microsoft PS/2 Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 65%

Total physical RAM: 2046.45 MB

Available physical RAM: 707.93 MB

Total Pagefile: 4331.4 MB

Available Pagefile: 2164.03 MB

Total Virtual: 2047.88 MB

Available Virtual: 1957.28 MB

 

========================= Partitions: =====================================

 

1 Drive c: (SW_Preload) (Fixed) (Total:221.65 GB) (Free:18.73 GB) NTFS

4 Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:2.86 GB) NTFS

5 Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.39 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\PARKER1

 

Administrator            groom                    Guest                   

 

 

**** End of log ****

 

FSS Scan log – run 3-7-2013

Farbar Service Scanner Version: 03-03-2013

Ran by groom (administrator) on 07-03-2013 at 10:13:01

Running from "C:\Users\groom\Downloads"

Windows Vista ™ Home Premium Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Attempt to access Yahoo.com returned error: Yahoo.com is offline

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2013-02-13 08:13] - [2013-01-04 05:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

 

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\ipnathlp.dll => MD5 is legit

C:\Windows\system32\iphlpsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 

AdwCleaner Log

# AdwCleaner v2.114 - Logfile created 03/07/2013 at 10:22:43

# Updated 05/03/2013 by Xplode

# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

# User : groom - PARKER1

# Boot Mode : Normal

# Running from : C:\Users\groom\Downloads\AdwCleaner.exe

# Option [Delete]

 

 

***** [Services] *****

 

Stopped & Deleted : MyWebSearchService

 

***** [Files / Folders] *****

 

File Deleted : C:\END

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Free_online_games

Folder Deleted : C:\Program Files\FunWebProducts

Folder Deleted : C:\Program Files\MyWebSearch

Folder Deleted : C:\Program Files\Qwiklinx

Folder Deleted : C:\Program Files\TotalRecipeSearch_14EI

Folder Deleted : C:\ProgramData\APN

Folder Deleted : C:\Users\groom\AppData\Local\Conduit

Folder Deleted : C:\Users\groom\AppData\Local\getsavin

Folder Deleted : C:\Users\groom\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\groom\AppData\LocalLow\Free_online_games

Folder Deleted : C:\Users\groom\AppData\LocalLow\FunWebProducts

Folder Deleted : C:\Users\groom\AppData\LocalLow\MyWebSearch

Folder Deleted : C:\Users\groom\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\groom\AppData\Roaming\Qwiklinx

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Free_online_games

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts

Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\FunWebProducts

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Free_online_games Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{397BBE0F-DC3D-4CCD-8C4A-C6456399D7DF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{397BBE0F-DC3D-4CCD-8C4A-C6456399D7DF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{715B5350-D04A-4227-AE47-6F005B931482}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Deleted : HKCU\Software\MyWebSearch

Key Deleted : HKCU\Software\Qwiklinx

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{397BBE0F-DC3D-4CCD-8C4A-C6456399D7DF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{715B5350-D04A-4227-AE47-6F005B931482}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO

Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller

Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3020840

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3177532

Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start

Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\FocusInteractive

Key Deleted : HKLM\Software\Free_online_games

Key Deleted : HKLM\Software\Fun Web Products

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63A407B5-B7D2-4076-B1A4-C07071D61615}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F30E8E41-9763-40B0-B6A0-6555A1B0C68B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin

Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{397BBE0F-DC3D-4CCD-8C4A-C6456399D7DF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{715B5350-D04A-4227-AE47-6F005B931482}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free_online_games Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin

Key Deleted : HKLM\Software\MyWebSearch

Key Deleted : HKLM\Software\TotalRecipeSearch_14EI

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{397BBE0F-DC3D-4CCD-8C4A-C6456399D7DF}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{397BBE0F-DC3D-4CCD-8C4A-C6456399D7DF}]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{397BBE0F-DC3D-4CCD-8C4A-C6456399D7DF}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{397BBE0F-DC3D-4CCD-8C4A-C6456399D7DF}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [My Web Search Bar Search Scope Monitor]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\groom\AppData\Roaming\Mozilla\Firefox\Profiles\j7udptiu.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.152

File : C:\Users\groom\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

AdwCleaner[S1].txt - [20106 octets] - [07/03/2013 10:22:43]

########## EOF - C:\AdwCleaner[S1].txt - [20167 octets] ##########

 

Junkware Removal Tool log- run 3-7-2013

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.9 (03.06.2013:1)

OS: Windows Vista ™ Home Premium x86

Ran by groom on Thu 03/07/2013 at 13:58:57.51

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{2d922b81-34c7-4aab-9c5d-433e79fc9445}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{2d922b81-34c7-4aab-9c5d-433e79fc9445}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3e7c8b5a-96ab-438f-bf9b-782400655440}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{3e7c8b5a-96ab-438f-bf9b-782400655440}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivercure"

Successfully deleted: [Folder] "C:\Users\groom\AppData\Roaming\drivercure"

Successfully deleted: [Folder] "C:\Users\groom\appdata\locallow\fast free converter"

Successfully deleted: [Folder] "C:\Users\groom\appdata\locallow\trustloke"

Successfully deleted: [Folder] "C:\Program Files\fast free converter"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 03/07/2013 at 14:01:30.19

End of JRT log

 

Rkill Log – run 3-7-2013

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 03/07/2013 02:16:15 PM in x86 mode.

Windows Version: Windows Vista ™ Home Premium Service Pack 2

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * No malware processes found to kill.

 

Checking Registry for malware related settings:

 

 * No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * Windows Firewall Disabled

 

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

   "EnableFirewall" = dword:00000000

 

Checking Windows Service Integrity:

 

 * COM+ Event System (EventSystem) is not Running.

   Startup Type set to: Automatic

 

 * Security Center (wscsvc) is not Running.

   Startup Type set to: Automatic (Delayed Start)

 

 * Windows Update (wuauserv) is not Running.

   Startup Type set to: Automatic (Delayed Start)

 

Searching for Missing Digital Signatures:

 

 * No issues found.

 

Checking HOSTS File:

 

 * HOSTS file entries found:

 

  127.0.0.1       localhost

  ::1             localhost

 

Program finished at: 03/07/2013 02:16:30 PM

Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

 

Autoruns log – run 3-7-2013

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"             ""             ""             ""

+ "rdpclip"             ""             ""             "File not found: rdpclip"

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" ""             ""             ""

+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"           "Adobe Systems Incorporated"         "c:\program files\common files\adobe\arm\1.0\adobearm.exe"

+ "APSDaemon"   "Apple Push"        "Apple Inc."           "c:\program files\common files\apple\apple application support\apsdaemon.exe"

+ "ArcSoft Connection Service"        "ArcSoft Connect Daemon"               "ArcSoft Inc."        "c:\program files\common files\arcsoft\connection service\bin\acdaemon.exe"

+ "ATT-SST_McciTrayApp" "mcci+McciTrayApp"          "Alcatel-Lucent"   "c:\program files\att-sst\mccitrayapp.exe"

+ "BLOG"               ""             ""             "c:\program files\thinkpad\utilities\btvlogex.dll"

+ "cssauth"            "CSS Authentication Provider"          "Lenovo Group Limited"     "c:\program files\lenovo\client security solution\cssauth.exe"

+ "GrooveMonitor"             "GrooveMonitor Utility"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\groovemonitor.exe"

+ "HP Software Update"     "Hewlett-Packard Product Assistant"               "Hewlett-Packard Co."        "c:\program files\hp\hp software update\hpwuschd2.exe"

+ "ISTray"               "PC Tools Tray Application"                "PC Tools"              "c:\program files\spyware doctor\pctstray.exe"

+ "ISW.exe"           "AT&T Internet Security Wizard"      "AT&T"   "c:\program files\at&t\internet security wizard\isw.exe"

+ "iTunesHelper" "iTunesHelper"     "Apple Inc."           "c:\program files\itunes\ituneshelper.exe"

+ "LPMailChecker"              "ThinkVantage Productivity Center MailChecker"         "Lenovo Group Limited"     "c:\program files\thinkvantage\prdctr\lpmlchk.exe"

+ "LPManager"     "ThinkVantage Productivity Center Manager"                "Lenovo Group Limited"     "c:\program files\thinkvantage\prdctr\lpmgr.exe"

+ "Mouse Suite 98 Daemon"             "Mouse Suite 98 Daemon" "Primax Electronics Ltd."    "c:\windows\system32\ico.exe"

+ "MSC" "Microsoft Security Client User Interface"      "Microsoft Corporation"     "c:\program files\microsoft security client\msseces.exe"

+ "NvCplDaemon"                "NVIDIA Display Properties Extension"            "NVIDIA Corporation"          "c:\windows\system32\nvcpl.dll"

+ "NvMediaCenter"             "NVIDIA Media Center Library"         "NVIDIA Corporation"          "c:\windows\system32\nvmctray.dll"

+ "PWMTRV"         "ThinkPad Power Manager Background Monitor and Tray Battery Gauge"              "Lenovo Group Limited"     "c:\program files\thinkpad\utilities\pwmtr32v.dll"

+ "PWRAGD"         ""             ""             "c:\program files\thinkpad\utilities\dpmhost.exe"

+ "QuickTime Task"              "QuickTime Task" "Apple Inc."           "c:\program files\quicktime\qttask.exe"

+ "RoxioDragToDisc"           "Drag To Disc Application" "Roxio"   "c:\program files\lenovo\drag-to-disc\drgtodsc.exe"

+ "RtHDVCpl"        "HD Audio Control Panel"  "Realtek Semiconductor"   "c:\windows\rthdvcpl.exe"

+ "SunJavaUpdateSched"   "Java™ Update Scheduler"            "Sun Microsystems, Inc."    "c:\program files\common files\java\java update\jusched.exe"

+ "TVT Scheduler Proxy"    "scheduler_proxy Application"         "Lenovo Group Limited"     "c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe"

+ "Windows Defender"      "Windows Defender User Interface"               "Microsoft Corporation"     "c:\program files\windows defender\msascui.exe"

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""             ""             ""

+ "HP Button Manager.lnk"                "HP Button Manager MFC Application"           ""             "c:\program files\hp\button manager\bm.exe"

+ "HP Digital Imaging Monitor.lnk"    "HP Digital Imaging Monitor"             "Hewlett-Packard Co."        "c:\program files\hp\digital imaging\bin\hpqtra08.exe"

+ "Image Transfer.lnk"        ""             ""             "c:\program files\sony corporation\image transfer\sonytray.exe"

+ "McAfee Security Scan Plus.lnk"   "McAfee Security Scanner Scheduler"            "McAfee, Inc."      "c:\program files\mcafee security scan\2.1.121\ssscheduler.exe"

"C:\Users\groom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"  ""             ""             ""

+ "OneNote 2007 Screen Clipper and Launcher.lnk"   "Microsoft Office OneNote Quick Launcher" "Microsoft Corporation"     "c:\program files\microsoft office\office12\onenotem.exe"

"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"         ""             ""             ""

+ "Google Chrome"             "Google Chrome" "Google Inc."         "c:\program files\google\chrome\application\25.0.1364.152\installer\chrmstp.exe"

+ "Microsoft Windows Mail 7"          "Windows Mail"   "Microsoft Corporation"     "c:\program files\windows mail\winmail.exe"

"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"      ""             ""             ""

+ "ApplePhotoStreams"      "ApplePhotoStreams.exe" "Apple Inc."           "c:\program files\common files\apple\internet services\applephotostreams.exe"

+ "com.apple.dav.bookmarks.daemon"           "BookmarkDAV_client.exe"               "Apple Inc."           "c:\program files\common files\apple\internet services\bookmarkdav_client.exe"

+ "iCloudServices"               "iCloud" "Apple Inc."           "c:\program files\common files\apple\internet services\icloudservices.exe"

+ "MobileDocuments"        ""             ""             "File not found: C:\Program Files\Common Files\Apple\Internet Services\ubd.exe"

+ "msnmsgr"         "Windows Live Messenger"               "Microsoft Corporation"     "c:\program files\windows live\messenger\msnmsgr.exe"

+ "Sidebar"            "Windows Sidebar"             "Microsoft Corporation"     "c:\program files\windows sidebar\sidebar.exe"

+ "Skype"               "Skype " "Skype Technologies S.A."  "c:\program files\skype\phone\skype.exe"

+ "swg"   "GoogleToolbarNotifier"     "Google Inc."         "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"

+ "WMPNSCFG"    "Windows Media Player Network Sharing Service Configuration Application"        "Microsoft Corporation"     "c:\program files\windows media player\wmpnscfg.exe"

"HKLM\SOFTWARE\Classes\Protocols\Filter"                ""             ""             ""

+ "text/xml"          "Microsoft Office XML MIME Filter" "Microsoft Corporation"     "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"

"HKLM\SOFTWARE\Classes\Protocols\Handler"           ""             ""             ""

+ "grooveLocalGWS"           "GrooveSystemServices Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\groovesystemservices.dll"

+ "livecall"             "Windows Live Messenger Protocol Handler Module"                "Microsoft Corporation"     "c:\program files\windows live\messenger\msgrapp.dll"

+ "ms-help"           "Microsoft® Help Data Services Module"        "Microsoft Corporation"     "c:\program files\common files\microsoft shared\help\hxds.dll"

+ "msnim"              "Windows Live Messenger Protocol Handler Module"                "Microsoft Corporation"     "c:\program files\windows live\messenger\msgrapp.dll"

+ "mso-offdap11"                "Microsoft Office Web Components 2003"    "Microsoft Corporation"     "c:\program files\common files\microsoft shared\web components\11\owc11.dll"

+ "skype-ie-addon-data"     "Skype Click to Call for Internet Explorer"      "Skype Technologies S.A."  "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"

+ "skype4com"     "Skype for COM API"           "Skype Technologies"         "c:\program files\common files\skype\skype4com.dll"

+ "wlmailhtml"      "Windows Live Mail"           "Microsoft Corporation"     "c:\program files\windows live\mail\mailcomm.dll"

+ "wlpg" "Windows Live Album Download Protocol Handler"    "Microsoft Corporation"     "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"         ""             ""             ""

+ "Groove GFS Stub Execution Hook"              "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"     ""             ""             ""

+ "EPP"   "Microsoft Security Client Shell Extension"    "Microsoft Corporation"     "c:\program files\microsoft security client\shellext.dll"

+ "PhotoStreamsExt"           "ShellStreams.dll"                "Apple Inc."           "c:\program files\common files\apple\internet services\shellstreams.dll"

+ "RXDCExtSvr"     "Roxio Creator Shell Extension"        "Sonic Solutions"  "c:\program files\roxio\virtual drive 10\dc_shellext.dll"

+ "Symantec.Norton.Antivirus.IEContextMenu"             "Symantec Shared Component Shell Extension Module"             "Symantec Corporation"         "c:\program files\norton internet security\engine\19.9.1.14\navshext.dll"

+ "XXX Groove GFS Context Menu Handler XXX"          "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"  ""             ""             ""

+ "MBAMShlExt"  "Malwarebytes Anti-Malware"          "Malwarebytes Corporation"             "c:\program files\malwarebytes' anti-malware\mbamext.dll"

+ "XXX Groove GFS Context Menu Handler XXX"          "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"       ""             ""             ""

+ "EPP"   "Microsoft Security Client Shell Extension"    "Microsoft Corporation"     "c:\program files\microsoft security client\shellext.dll"

+ "XXX Groove GFS Context Menu Handler XXX"          "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"              ""             ""             ""

+ "Roxio DragToDisc Shell Extension"              "DirectCD Shell Extention DLL"         "Roxio"   "c:\program files\lenovo\drag-to-disc\shellex.dll"

"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers"             ""             ""             ""

+ "Roxio DragToDisc Shell Extension"              "DirectCD Shell Extention DLL"         "Roxio"   "c:\program files\lenovo\drag-to-disc\shellex.dll"

"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"                ""             ""             ""

+ "NvCplDesktopContext"  "NVIDIA Display Properties Extension"            "NVIDIA Corporation"          "c:\windows\system32\nvcpl.dll"

+ "XXX Groove GFS Context Menu Handler XXX"          "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"       ""             ""             ""

+ "PDF Shell Extension"      "PDF Shell Extension"          "Adobe Systems, Inc."         "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"

"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"            ""             ""             ""

+ "MBAMShlExt"  "Malwarebytes Anti-Malware"          "Malwarebytes Corporation"             "c:\program files\malwarebytes' anti-malware\mbamext.dll"

+ "RXDCExtSvr"     "Roxio Creator Shell Extension"        "Sonic Solutions"  "c:\program files\roxio\virtual drive 10\dc_shellext.dll"

+ "Symantec.Norton.Antivirus.IEContextMenu"             "Symantec Shared Component Shell Extension Module"             "Symantec Corporation"         "c:\program files\norton internet security\engine\19.9.1.14\navshext.dll"

+ "XXX Groove GFS Context Menu Handler XXX"          "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"          ""             ""             ""

+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"               "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

+ "Groove Explorer Icon Overlay 2 (GFS Stub)"             "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"        "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

+ "Groove Explorer Icon Overlay 3 (GFS Folder)"          "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"              "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"                ""             ""             ""

+ "Adobe PDF Link Helper"                "Adobe PDF Helper for Internet Explorer"     "Adobe Systems Incorporated"         "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"

+ "AT&&T Toolbar"              "Toolbar Component"         "AT&T"   "c:\program files\atttoolbar\atttoolbar.dll"

+ "Cartwheel"       "Cartwheel Shopping"         "Cartwheel, Inc."  "c:\users\groom\appdata\roaming\cartwheel\cartwheel.dll"

+ "Fast Free Converter 3.0"               ""             ""             "File not found: C:\PROGRA~1\FASTFR~1\FASTFR~1\FASTFR~1.DLL"

+ "Google Toolbar Helper" "Google Toolbar" "Google Inc."         "c:\program files\google\google toolbar\googletoolbar_32.dll"

+ "Groove GFS Browser Helper"       "GrooveShellExtensions Module"     "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveshellextensions.dll"

+ "HP Smart BHO Class"      "HP Smart Web Printing add-on for Internet Explorer"                "Hewlett-Packard Co."        "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"

+ "IePasswordManagerHelper Class"               "Password Manager IE BHO"              "Lenovo Group Limited"     "c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll"

+ "Java™ Plug-In 2 SSV Helper"     "Java™ Platform SE binary"           "Oracle Corporation"          "c:\program files\java\jre7\bin\jp2ssv.dll"

+ "Java™ Plug-In SSV Helper"         "Java™ Platform SE binary"           "Oracle Corporation"          "c:\program files\java\jre7\bin\ssv.dll"

+ "Norton Identity Protection"          "coIEPlugIn"          "Symantec Corporation"     "c:\program files\norton internet security\engine\19.9.1.14\coieplg.dll"

+ "Norton Vulnerability Protection" "IPS Browser Helper DLL"  "Symantec Corporation"     "c:\program files\norton internet security\engine\19.9.1.14\ips\ipsbho.dll"

+ "Search Helper"                "Search Helper for Internet Explorer"             "Microsoft Corporation"     "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"

+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer"      "Skype Technologies S.A."  "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"

+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper"  "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"

"HKLM\Software\Microsoft\Internet Explorer\Toolbar"             ""             ""             ""

+ "[1]"       "Toolbar Component"         "AT&T"   "c:\program files\atttoolbar\atttoolbar.dll"

+ "Google Toolbar"              "Google Toolbar" "Google Inc."         "c:\program files\google\google toolbar\googletoolbar_32.dll"

+ "Norton Toolbar"              "coIEPlugIn"          "Symantec Corporation"     "c:\program files\norton internet security\engine\19.9.1.14\coieplg.dll"

"HKLM\Software\Microsoft\Internet Explorer\Extensions"        ""             ""             ""

+ "HP Smart Select"             "HP Smart Web Printing add-on for Internet Explorer"                "Hewlett-Packard Co."        "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"

+ "Lenovo Password Manager..."      "Password Manager IE BHO"              "Lenovo Group Limited"     "c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll"

+ "S&end to OneNote"       "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation"     "c:\program files\microsoft office\office12\onbttnie.dll"

+ "Skype Click to Call"         "Skype Click to Call for Internet Explorer"      "Skype Technologies S.A."  "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"

"HKLM\System\CurrentControlSet\Services"                ""             ""             ""

+ "ACDaemon"     "ArcSoft Connect Service" "ArcSoft Inc."        "c:\program files\common files\arcsoft\connection service\bin\acservice.exe"

+ "AdobeARMservice"        "Adobe Acrobat Updater keeps your Adobe software up to date."           "Adobe Systems Incorporated"                "c:\program files\common files\adobe\arm\1.0\armsvc.exe"

+ "AdobeFlashPlayerUpdateSvc"      "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."      "Adobe Systems Incorporated"         "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"

+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."       "Apple Inc."           "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"

+ "BcmSqlStartupSvc"         "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)."      "Microsoft Corporation"         "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe"

+ "Bonjour Service"             "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc."           "c:\program files\bonjour\mdnsresponder.exe"

+ "FastFreeConverterUpdt"               ""             ""             "File not found: C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe"

+ "gupdate1c9d68ad6b561e0"        "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."         "Google Inc."         "c:\program files\google\update\googleupdate.exe"

+ "gupdatem"       "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."             "Google Inc."         "c:\program files\google\update\googleupdate.exe"

+ "gusvc"               "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work."                "Google"                "c:\program files\google\common\google updater\googleupdaterservice.exe"

+ "hpqcxs08"        "HP CUE Context Manager Objects" "Hewlett-Packard Co."        "c:\program files\hp\digital imaging\bin\hpqcxs08.dll"

+ "hpqddsvc"        "This service detects and monitors CUE devices on the system."               "Hewlett-Packard Co."        "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"

+ "HPSLPSVC"       "Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable"                "Hewlett-Packard Co."        "c:\program files\hp\digital imaging\bin\hpslpsvc32.dll"

+ "IDriverT"           "Provides support for the Running Object Table for InstallShield Drivers"               "Macrovision Corporation"                "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"

+ "iPod Service"   "iPod hardware management services"          "Apple Inc."           "c:\program files\ipod\bin\ipodservice.exe"

+ "IviRegMgr"       "RegMgr Module"                "InterVideo"          "c:\program files\common files\intervideo\regmgr\iviregmgr.exe"

+ "MBAMScheduler"           "Malwarebytes Anti-Malware scheduler"       "Malwarebytes Corporation"             "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"

+ "MBAMService"                "Malwarebytes Anti-Malware service"            "Malwarebytes Corporation"             "c:\program files\malwarebytes' anti-malware\mbamservice.exe"

+ "McciCMService"             "mcci+McciCMService"      "Alcatel-Lucent"   "c:\program files\common files\motive\mccicmservice.exe"

+ "McComponentHostService"         "McAfee Security Scan Component Host Service"        "McAfee, Inc."      "c:\program files\mcafee security scan\2.1.121\mcchsvc.exe"

+ "Microsoft Office Groove Audit Service"     "Groove Audit Service"      "Microsoft Corporation"     "c:\program files\microsoft office\office12\grooveauditservice.exe"

+ "MsMpSvc"        "Helps protect users from malware and other potentially unwanted software"     "Microsoft Corporation"     "c:\program files\microsoft security client\msmpeng.exe"

+ "MSSQL$MSSMLBIZ"        "Provides storage, processing and controlled access of data and rapid transaction processing."        "Microsoft Corporation"         "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe"

+ "Net Driver HPZ12"          "Dot4Net Module"               "Hewlett-Packard"               "c:\windows\system32\hpzinw12.dll"

+ "NIS"    "Norton Internet Security" "Symantec Corporation"     "c:\program files\norton internet security\engine\19.9.1.14\ccsvchst.exe"

+ "NisSrv"              "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"                "Microsoft Corporation"     "c:\program files\microsoft security client\nissrv.exe"

+ "nvsvc"               "Provides system and desktop level support to the NVIDIA display driver"              "NVIDIA Corporation"                "c:\windows\system32\nvvsvc.exe"

+ "odserv"             "Run portions of Microsoft Office Diagnostics."             "Microsoft Corporation"     "c:\program files\common files\microsoft shared\office12\odserv.exe"

+ "ose"   "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."                "Microsoft Corporation"     "c:\program files\common files\microsoft shared\source engine\ose.exe"

+ "Pml Driver HPZ12"          "PmlDrv Module" "Hewlett-Packard"               "c:\windows\system32\hpzipm12.dll"

+ "Power Manager DBC Service"      "Power Manager Dynamic Brightness Control Service"               "Lenovo"               "c:\program files\thinkpad\utilities\pwmdbsvc.exe"

+ "RoxMediaDB10"              "Roxio RoxMediaDB10 Service"        "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\sharedcom\roxmediadb10.exe"

+ "SeaPort"           "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corporation"     "c:\program files\microsoft\search enhancement pack\seaport\seaport.exe"

+ "SkypeUpdate"  "Enables the detection, download and installation of updates for Skype."               "Skype Technologies"         "c:\program files\skype\updater\updater.exe"

+ "SplashtopRemoteService"             "Splashtop Remote Streamer"           "Splashtop Inc."    "c:\program files\splashtop\splashtop remote\server\srservice.exe"

+ "SQLBrowser"   "Provides SQL Server connection information to client computers."        "Microsoft Corporation"     "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"

+ "SQLWriter"      "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure."  "Microsoft Corporation"         "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"

+ "SSUService"     "Splashtop software updater enables updates and enhancements to the SmartView browser extension."      "Splashtop Inc."        "c:\program files\splashtop\splashtop software updater\ssuservice.exe"

+ "stllssvr"             "SureThing Labelflash Disc Printer Service Module"    "MicroVision Development, Inc."      "c:\program files\common files\surething shared\stllssvr.exe"

+ "SUService"       "ThinkVantage System Update"         "Lenovo Group Limited"     "c:\program files\lenovo\system update\suservice.exe"

+ "ThinkVantage Registry Monitor Service"    "ThinkVantage Registry Monitor Service"       "Lenovo Group Limited"     "c:\program files\common files\lenovo\tvt_reg_monitor_svc.exe"

+ "TSSCoreService"             "tvttcsd Application"           "Lenovo"               "c:\program files\lenovo\client security solution\tvttcsd.exe"

+ "TVT Backup Protection Service"   "rrpservice Module"           ""             "c:\program files\lenovo\rescue and recovery\rrpservice.exe"

+ "TVT Backup Service"       "Rescue and Recovery Backup Service"          "Lenovo Group Limited"     "c:\program files\lenovo\rescue and recovery\rrservice.exe"

+ "TVT Scheduler"                "ThinkVantage Scheduler" "Lenovo Group Limited"     "c:\program files\common files\lenovo\scheduler\tvtsched.exe"

+ "TVT_UpdateMonitor"     "A service for monitoring operating system files changed by Windows update and copying them for TVT Rescue And Recovery Express Repair"          "Lenovo Group Limited"     "c:\program files\lenovo\rescue and recovery\updatemonitor.exe"

+ "uCamMonitor" "Monitor the status of the webcam on PC startup."      "ArcSoft, Inc."       "c:\program files\arcsoft\magic-i visual effects 2\ucammonitor.exe"

+ "WinDefend"     "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions."                "Microsoft Corporation"     "c:\program files\windows defender\mpsvc.dll"

+ "wlidsvc"            "Enables Windows Live ID authentication."    "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"

+ "WMPNetworkSvc"          "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"       "Microsoft Corporation"     "c:\program files\windows media player\wmpnetwk.exe"

+ "YahooAUService"            "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements."                "Yahoo! Inc."         "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"

"HKLM\System\CurrentControlSet\Services"                ""             ""             ""

+ "amdide"            "AMD PCI SATA/IDE Bus Driver"        "Advanced Micro Devices"                "c:\windows\system32\drivers\amdide.sys"

+ "ArcSoftKsUFilter"            ""             "ArcSoft, Inc."       "c:\windows\system32\drivers\arcsoftksufilter.sys"

+ "AtiPcie"             "ATI PCIE Driver for ATI PCIE chipset"              "ATI Technologies Inc."       "c:\windows\system32\drivers\atipcie.sys"

+ "BHDrvx86"       "SONAR Engine Driver"       "Symantec Corporation"     "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\definitions\bashdefs\20130301.001\bhdrvx86.sys"

+ "BrFiltLo"            "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"               "Brother Industries, Ltd."                "c:\windows\system32\drivers\brfiltlo.sys"

+ "BrFiltUp"           "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"               "Brother Industries, Ltd."                "c:\windows\system32\drivers\brfiltup.sys"

+ "BrUsbSer"         "Brother USB Serial Driver"               "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"

+ "ccSet_NIS"        "Common Client Settings Driver"      "Symantec Corporation"                "c:\windows\system32\drivers\nis\1309010.00e\ccsetx86.sys"

+ "DLABMFSM"    "Drive Letter Access Component"    "Roxio"   "c:\windows\system32\dla\dlabmfsm.sys"

+ "DLABOIOM"     "Drive Letter Access Component"    "Roxio"   "c:\windows\system32\dla\dlaboiom.sys"

+ "DLACDBHM"    "Shared Driver Component"              "Roxio"   "c:\windows\system32\drivers\dlacdbhm.sys"

+ "DLADResM"     "Drive Letter Access Component"    "Roxio"   "c:\windows\system32\dla\dladresm.sys"

+ "DLAIFS_M"       "Drive Letter Access Component"    "Roxio"   "c:\windows\system32\dla\dlaifs_m.sys"

+ "DLAOPIOM"     "Drive Letter Access Component"    "Roxio"   "c:\windows\system32\dla\dlaopiom.sys"

+ "DLAPoolM"      "Drive Letter Access Component"    "Roxio"   "c:\windows\system32\dla\dlapoolm.sys"

+ "DLARTL_M"      "Shared Driver Component"              "Roxio"   "c:\windows\system32\drivers\dlartl_m.sys"

+ "DLAUDF_M"     "Drive Letter Access Component"    "Roxio"   "c:\windows\system32\dla\dlaudf_m.sys"

+ "DLAUDFAM"    "Drive Letter Access Component"    "Roxio"   "c:\windows\system32\dla\dlaudfam.sys"

+ "DRVMCDB"       "Device Driver"    "Sonic Solutions"  "c:\windows\system32\drivers\drvmcdb.sys"

+ "DRVNDDM"      "Device Driver Manager"   "Roxio"   "c:\windows\system32\drivers\drvnddm.sys"

+ "e1express"       "Intel® PRO/1000 Adapter NDIS 6 deserialized driver"             "Intel Corporation"                "c:\windows\system32\drivers\e1e6032.sys"

+ "E1G60"              "Intel® PRO/1000 Adapter NDIS 6 deserialized driver"             "Intel Corporation"                "c:\windows\system32\drivers\e1g60i32.sys"

+ "eeCtrl"              "Symantec Eraser Control Driver"    "Symantec Corporation"     "c:\program files\common files\symantec shared\eengine\eectrl.sys"

+ "EraserUtilRebootDrv"     "Symantec Eraser Utility Driver"       "Symantec Corporation"     "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"

+ "FlyUsb"              "FLY Fusion USB Driver"      "LeapFrog"            "c:\windows\system32\drivers\flyusb.sys"

+ "GEARAspiWDM"              "CD DVD Filter"     "GEAR Software Inc."           "c:\windows\system32\drivers\gearaspiwdm.sys"

+ "HSF_DPV"         "HSF_DP driver"   "Conexant Systems, Inc."    "c:\windows\system32\drivers\vstdpv3.sys"

+ "HSFHWAZL"     "HSF_HWAZL WDM driver"               "Conexant Systems, Inc."    "c:\windows\system32\drivers\vstazl3.sys"

+ "IDSVix86"          "Symantec Intrusion Prevention Driver"         "Symantec Corporation"     "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\definitions\ipsdefs\20130306.001\idsvix86.sys"

+ "IntcAzAudAddService"  "Realtek® High Definition Audio Function Driver"       "Realtek Semiconductor Corp."                "c:\windows\system32\drivers\rtkvhda.sys"

+ "IpInIp"               "IP in IP Tunnel Driver"       ""             "File not found: system32\DRIVERS\ipinip.sys"

+ "MASPINT"         "Aspi32 Driver"    "MicroStaff Co.,Ltd."            "c:\windows\system32\drivers\maspint.sys"

+ "MBAMProtector"            "Malwarebytes Anti-Malware"          "Malwarebytes Corporation"                "c:\windows\system32\drivers\mbam.sys"

+ "MpKsl04b2ec9f"             ""             ""             "c:\programdata\microsoft\microsoft antimalware\definition updates\{eb220b67-74b2-4a7c-991b-5bdd1c966968}\mpksl04b2ec9f.sys"

+ "MpKsl957ac365"            "KSLDriver"           "Microsoft Corporation"     "c:\programdata\microsoft\microsoft antimalware\definition updates\{eb220b67-74b2-4a7c-991b-5bdd1c966968}\mpksl957ac365.sys"

+ "MpKslaed48ed3"            ""             ""             "c:\programdata\microsoft\microsoft antimalware\definition updates\{eb220b67-74b2-4a7c-991b-5bdd1c966968}\mpkslaed48ed3.sys"

+ "MpKslcbe7c54a"             ""             ""             "c:\programdata\microsoft\microsoft antimalware\definition updates\{eb220b67-74b2-4a7c-991b-5bdd1c966968}\mpkslcbe7c54a.sys"

+ "MpKsld711bcbb"            ""             ""             "c:\programdata\microsoft\microsoft antimalware\definition updates\{eb220b67-74b2-4a7c-991b-5bdd1c966968}\mpksld711bcbb.sys"

+ "MREMP50"       "PCAUSA NDIS 5.0 MPR Protocol Driver"        "Printing Communications Assoc., Inc. (PCAUSA)"         "c:\program files\common files\motive\mremp50.sys"

+ "MREMP50a64"                ""             ""             "File not found: C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS"

+ "MREMPR5"       ""             ""             "File not found: C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS"

+ "MRENDIS5"       ""             ""             "File not found: C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS"

+ "MRESP50"        "PCAUSA NDIS 5.0 SPR Protocol Driver"          "Printing Communications Assoc., Inc. (PCAUSA)"         "c:\program files\common files\motive\mresp50.sys"

+ "MRESP50a64"  ""             ""             "File not found: C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS"

+ "NAVENG"          "AV Engine"           "Symantec Corporation"     "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\definitions\virusdefs\20130306.035\naveng.sys"

+ "NAVEX15"         "AV Engine"           "Symantec Corporation"     "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\definitions\virusdefs\20130306.035\navex15.sys"

+ "nvlddmkm"       "NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 174.90 "             "NVIDIA Corporation"                "c:\windows\system32\drivers\nvlddmkm.sys"

+ "NwlnkFlt"          "IPX Traffic Filter Driver"    ""             "File not found: system32\DRIVERS\nwlnkflt.sys"

+ "NwlnkFwd"       "IPX Traffic Forwarder Driver"          ""             "File not found: system32\DRIVERS\nwlnkfwd.sys"

+ "PCTCore"          "PC Tools KDS Core Driver"                "PC Tools"              "c:\windows\system32\drivers\pctcore.sys"

+ "pelmouse"        "Mouse Suite Driver (For Windows 2000 and Whistler Only)"   "Primax Electronics Ltd."                "c:\windows\system32\drivers\pelmouse.sys"

+ "pelusblf"           "USB Mouse Low Filter Driver(Win2000 only)"             "Primax Electronics Ltd."                "c:\windows\system32\drivers\pelusblf.sys"

+ "psadd"               "SMBIOS Driver"  "Lenovo (United States) Inc."             "c:\windows\system32\drivers\psadd.sys"

+ "PxHelp20"        "Px Engine Device Driver for Windows 2000/XP"         "Sonic Solutions"  "c:\windows\system32\drivers\pxhelp20.sys"

+ "secdrv"             "Macrovision SECURITY Driver"         "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."               "c:\windows\system32\drivers\secdrv.sys"

+ "SRTSP"               "Symantec AutoProtect"    "Symantec Corporation"     "c:\windows\system32\drivers\nis\1309010.00e\srtsp.sys"

+ "SRTSPX"            "Symantec AutoProtect"    "Symantec Corporation"     "c:\windows\system32\drivers\nis\1309010.00e\srtspx.sys"

+ "SymDS"             "Symantec Data Store"        "Symantec Corporation"     "c:\windows\system32\drivers\nis\1309010.00e\symds.sys"

+ "SymEFA"           "Symantec Extended File Attributes"               "Symantec Corporation"                "c:\windows\system32\drivers\nis\1309010.00e\symefa.sys"

+ "SymEvent"        "Symantec Event Library"   "Symantec Corporation"     "c:\windows\system32\drivers\symevent.sys"

+ "SymIRON"         "Iron Driver"         "Symantec Corporation"     "c:\windows\system32\drivers\nis\1309010.00e\ironx86.sys"

+ "SYMTDIv"          "Network Dispatch Driver" "Symantec Corporation"     "c:\windows\system32\drivers\nis\1309010.00e\symtdiv.sys"

+ "TPPWRIF"         ""             ""             "c:\windows\system32\drivers\tppwr32v.sys"

+ "tvtfilter"            "tvtfilter Filter Driver"         "Lenovo"               "c:\windows\system32\drivers\tvtfilter.sys"

+ "TVTI2C"             "SMBUS Driver"    "Lenovo (United States) Inc."             "c:\windows\system32\drivers\tvti2c.sys"

+ "tvtumon"          "Windows Update Monitor Driver"  "Lenovo"               "c:\windows\system32\drivers\tvtumon.sys"

+ "USBAAPL"         "Apple Mobile Device USB Driver"   "Apple, Inc."          "c:\windows\system32\drivers\usbaapl.sys"

+ "winachsf"          "HSF_CNXT driver"              "Conexant Systems, Inc."    "c:\windows\system32\drivers\vstcnxt3.sys"

+ "yukonwlh"        "Miniport Driver for Marvell Yukon Ethernet Controller."           "Marvell"                "c:\windows\system32\drivers\yk60x86.sys"

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"     ""             ""             ""

+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM"      "Fraunhofer Institut Integrierte Schaltungen IIS"                "c:\windows\system32\l3codeca.acm"

+ "vidc.cvid"          "Cinepak® Codec"                "Radius Inc."          "c:\windows\system32\iccvid.dll"

"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" ""             ""             ""

+ "9x8Resize"       "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "Allocator Fix"   "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "Audio Destination"         "WAVDest Filter (Sample)" "Microsoft Corporation"     "c:\program files\google\google earth\client\wavdest.ax"

+ "Bitmap"             "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "BMPCapture"   ""             ""             "File not found: C:\Program Files\PIXELA\ImageMixer\BMPCapture.ax"

+ "Capture ASF Writer"      "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "Capture File Writer"       "Windows Live Video Acquisition Filters"       "Microsoft Corporation"     "c:\program files\windows live\photo gallery\wlxvafilt.dll"

+ "Frame Eater"    "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "InterVideo Audio Decoder"          "IVIAUDIO LOGID.62149"   "InterVideo Inc."  "c:\program files\intervideo\common\bin\iviaudio.ax"

+ "InterVideo Audio Processor"        ""             ""             "c:\program files\intervideo\common\bin\iviaudioprocess.ax"

+ "Intervideo CDSF Filter"  "Bouncing Ball Filter (Sample)"          "Microsoft Corporation"     "c:\program files\intervideo\common\bin\ivicdsf.ax"

+ "InterVideo Navigator"    "IVINAV LOGID.62149"        "InterVideo Inc."  "c:\program files\intervideo\common\bin\ivinav.ax"

+ "InterVideo Video Decoder"          "IVIVIDEO LOGID.62149"    " InterVideo Inc." "c:\program files\intervideo\common\bin\ivivideo.ax"

+ "LVMWriter"     "LVMWriter"         "Sonic Solutions"  "c:\program files\roxio\videocore 10\lvmwriter.ax"

+ "MainConcept (Sonic) DV Video Decoder"  "DirectShow DV Video Encoder and Decoder"              "MainConcept AG (Sonic)" "c:\program files\roxio\videocore 10\sonicmcdsdv.ax"

+ "MainConcept (Sonic) DV Video Encoder"   "DirectShow DV Video Encoder and Decoder"              "MainConcept AG (Sonic)" "c:\program files\roxio\videocore 10\sonicmcdsdv.ax"

+ "Media Analyser"             "analyse Filter (Sample)"    "Sonic Solutions"  "c:\program files\roxio\videocore 10\mediaanalyser.ax"

+ "MPEG PS MULTIPLEXER PIXELA"   ""             ""             "File not found: C:\Program Files\PIXELA\ImageMixer\PSMulPlx.ax"

+ "MPEG-Encoder PiXELA" ""             ""             "File not found: C:\Program Files\PIXELA\ImageMixer\mpegEncFilter.ax"

+ "MPEG2 Splitter PIXELA" ""             ""             "File not found: C:\Program Files\PIXELA\ImageMixer\Mpg2sppx.ax"

+ "Multiple File Output"     "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "PixeDump"       ""             ""             "File not found: C:\Program Files\PIXELA\ImageMixer\PixeDump.ax"

+ "Proxy Sink"       "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "Proxy Source" "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "PSI Parser"       "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "Record Queue"               "Windows Live Video Acquisition Filters"       "Microsoft Corporation"     "c:\program files\windows live\photo gallery\wlxvafilt.dll"

+ "Record Queue"               "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "ROXIO Audio Source 3.0"              "Roxio Audio Filters"           "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxaudio.ax"

+ "Roxio Audio Source Filter"            "Roxio Audio Source Filter"               "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\sharedcom\rxdsaudiosource.ax"

+ "Roxio Audio Stream Reader Filter"              "Roxio Audio Stream Reader Filter" "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\sharedcom\rxdsaudiostreamreader.ax"

+ "Roxio Audio Stream Writer Filter"               "Roxio Audio Stream Writer Filter"  "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\sharedcom\rxdsaudiostreamwriter.ax"

+ "ROXIO Audio VCFChunker 3.0"    "Roxio Audio Filters"           "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxaudio.ax"

+ "ROXIO Audio VCFLooper 3.0"       "Roxio Audio Filters"           "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxaudio.ax"

+ "ROXIO AudioConvert 3.0"             "Roxio Audio Filters"           "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxaudio.ax"

+ "ROXIO AudioGrabber 3.0"            "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO ColorSpace Converter 3.0"              "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO CPU Regulator"   "CPURegulator.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\cpuregulator.ax"

+ "ROXIO CrossGraphEx Renderer 3.0"           "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO CrossGraphEx Source 3.0"                "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "roxio DCFilters Audio Sync Filter 2 10"       "roxio DiscCopier DirectShow Filter Collection"            "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\dllshared\dcfilters10.dll"

+ "roxio DCFilters Dragons Lair 10"  "roxio DiscCopier DirectShow Filter Collection"            "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\dllshared\dcfilters10.dll"

+ "roxio DCFilters DVD Muxer 10"    "roxio DiscCopier DirectShow Filter Collection"            "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\dllshared\dcfilters10.dll"

+ "roxio DCFilters DVDStream Reader 10"      "roxio DiscCopier DirectShow Filter Collection"            "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\dllshared\dcfilters10.dll"

+ "roxio DCFilters DVDStream Splitter 10"      "roxio DiscCopier DirectShow Filter Collection"            "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\dllshared\dcfilters10.dll"

+ "roxio DCFilters Mpeg I/II Decoder 10"        "roxio DiscCopier DirectShow Filter Collection"            "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\dllshared\dcfilters10.dll"

+ "roxio DCFilters Smart Resizer 10"                "roxio DiscCopier DirectShow Filter Collection"            "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\dllshared\dcfilters10.dll"

+ "roxio DCFilters Subpicture Mixer 10"         "roxio DiscCopier DirectShow Filter Collection"            "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\dllshared\dcfilters10.dll"

+ "ROXIO Deinterlace 3.0" "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO DV Scene Detector Tee 3.0"            "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO DVDCrossGraphEx Renderer 3.0"   "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO DVDCrossGraphEx Source 3.0"        "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO Field Combiner 3.0"           "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO Field Splitter 3.0"               "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO Image/Colour Source 3.0"                "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO ListImage Source 3.0"        "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO LPCMSyncFilter" "LPCMSync Filter"                "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\lpcmsyncfilter.dll"

+ "Roxio LVM File Source (Async.)"  "LVMAsync"          "Sonic Solutions"  "c:\program files\roxio\videocore 10\lvmasync.ax"

+ "Roxio MPEG Analyzer Filter"         "MPEG File Analyzer Dynamic Link Library"    "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\roxiompegprop.dll"

+ "Roxio MPEG Stream Analyzer"     "Roxio MPEG Stream Splitter"           "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\mpegstreamanalyzer.dll"

+ "Roxio MPEG1 Audio Encoder"      "ROXIO MPEG Audio Encoder"          "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\roxioaudioenc.dll"

+ "Roxio MPEG1 Encoder" "ROXIO MPEG1 Codec"       "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\mpeg1vidcodec.dll"

+ "Roxio MPEG1 Muxer"    "ROXIO MPEG MUXER"       "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\mpeg1muxer.dll"

+ "Roxio MPEG2 Demuxer"                "ROXIO MPEG Demuxer"    "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\roxiompegdemuxer.dll"

+ "Roxio MPEG2 Encoder" "ROXIO MPEG2 Codec"       "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\mpeg2vidcodec.dll"

+ "Roxio MPEG2 Muxer"    "ROXIO MPEG MUXER"       "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\mpeg2muxer.dll"

+ "Roxio MPEG2 Video Decoder"     "ROXIO MPEG2 Codec"       "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\mpeg2vidcodec.dll"

+ "ROXIO Pan Zoom 3.0"    "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO Pin Tee"               "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "Roxio Plasma CrossGraph Renderer"          "MGICGFilter.ax"  "Sonic Solutions"  "c:\program files\roxio\videocore 10\plasmacgfilter.ax"

+ "Roxio Plasma CrossGraph Source"               "MGICGFilter.ax"  "Sonic Solutions"  "c:\program files\roxio\videocore 10\plasmacgfilter.ax"

+ "ROXIO QT Source"          "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO QuickGrabber 3.0"             "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO Raw Writer"        "ROXIO Raw Writer"            "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\mgirawwriter.dll"

+ "Roxio Repack Filter"       "Repack Filter"     "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\repackfilter.dll"

+ "ROXIO Scene Detector 3.0"          "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO SceneRecorder 1.0"          "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "Roxio Smart Decoder"   "ROXIO MPEG2 Codec"       "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\mpeg2vidcodec.dll"

+ "Roxio Smart Encoder"    "ROXIO MPEG2 Codec"       "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\mpeg2vidcodec.dll"

+ "ROXIO SpyPos 3.0"         "Null-In-Place (Sample)"     "Sonic Solutions"  "c:\program files\roxio\videocore 10\mginullip.ax"

+ "ROXIO ThumbnailGrabber 3.0"    "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "Roxio Transport Stream Source"  "ListFrameSource"               "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\tsmpegsource.dll"

+ "ROXIO VCFAlphaSplitter 3.0"        "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO VCFAudioMixer 3.0"          "Roxio Audio Filters"           "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxaudio.ax"

+ "ROXIO VCFDvrSupport 3.0"           "DVR support filter"             "Sonic Solutions"  "c:\program files\roxio\videocore 10\dvrsupportfilt.ax"

+ "ROXIO VCFDVSceneDetect 1.0"   "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO VCFLatency 3.0" "Roxio Audio Filters"           "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxaudio.ax"

+ "ROXIO VCFpeakmeter 3.0"            "Roxio Audio Filters"           "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxaudio.ax"

+ "ROXIO VCFStationLogo 1.0"          "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO VCFVideoCutList 3.0"         "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO VCFWaveform 1.0"            "Roxio Audio Filters"           "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxaudio.ax"

+ "ROXIO Video Effect 3.0"                "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO Video Resampler 3.0"        "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO Video VCFLooper 3.0"       "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "ROXIO VideoCombine 3.0"            "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "Roxio VOB Formatter"    "VOBFormatter"   "Sonic Solutions"  "c:\program files\roxio\videocore 10\vobformatter.ax"

+ "Roxio Vob Loader"          "VOBLoader"        "Sonic Solutions"  "c:\program files\roxio\videocore 10\vobloader.ax"

+ "Sewer"              "MVWcDSutil"      "Sonic Solutions"  "c:\program files\roxio\videocore 10\mvwcdsutil.dll"

+ "ShotDetect"     "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "Sonic Cinemaster® Audio Decoder 4.3 (No Dolby)" "SonicHDAudio"   "Sonic Solutions"  "c:\program files\common files\sonic shared\cinemasteraudiond.dll"

+ "Sonic Cinemaster® VideoDecoder 4.3"      "CinemasterVideo"              "Sonic Solutions"  "c:\program files\common files\sonic shared\cinemastervideo.dll"

+ "Sonic HD Demuxer"        "Sonic HD Demuxer"           ""             "c:\program files\roxio\sonichddemuxer.dll"

+ "Sonic HD Nav"  "SonicHDNav"       ""             "c:\program files\common files\sonic shared\sonichdnav.dll"

+ "Sonic MPEG-2 Video Decoder"    "MPEG-2 Video Decoder"  "Sonic Solutions Inc."          "c:\program files\common files\sonic shared\sonicmc02\sonic7m2vd.ax"

+ "Stetch"              "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "SubPicture Encoder"      "ROXIO SubPicture Encoder"            "Sonic Solutions"  "c:\program files\common files\roxio shared\10.0\mpeg\subpictenc.dll"

+ "VCG Null Renderer 3.0" "VideoCompositing Module"             "Sonic Solutions"  "c:\program files\roxio\videocore 10\videocompositing.ax"

+ "VCG Video Mixer 3.0"    "VideoCompositing Module"             "Sonic Solutions"  "c:\program files\roxio\videocore 10\videocompositing.ax"

+ "VCGImageSource"           "VideoCompositing Module"             "Sonic Solutions"  "c:\program files\roxio\videocore 10\videocompositing.ax"

+ "VMR9 Wrapper 3.0"       "VideoCompositing Module"             "Sonic Solutions"  "c:\program files\roxio\videocore 10\videocompositing.ax"

+ "VW Input Selector"         "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "VW Video Transition"     "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "VW Video Transition"     "CrossGraphEx.ax"               "Sonic Solutions"  "c:\program files\roxio\videocore 10\roxvideo.ax"

+ "WM VIH2 Fix"  "Windows Live Video Acquisition Filters"       "Microsoft Corporation"     "c:\program files\windows live\photo gallery\wlxvafilt.dll"

+ "WM VIH2 Fix"  "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT Audio Analyzer"   "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT Black Frame Generator"     "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT DV Extract Filter"  "Windows Live Video Acquisition Filters"       "Microsoft Corporation"     "c:\program files\windows live\photo gallery\wlxvafilt.dll"

+ "WMT DV Extract Filter"  "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT FormatConversion"              "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT Import Filter"        "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT Interlacer"             "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT Log Filter"              "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT MuxDeMux Filter"               "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT Sample Info Filter"               "Windows Live Video Acquisition Filters"       "Microsoft Corporation"     "c:\program files\windows live\photo gallery\wlxvafilt.dll"

+ "WMT Sample Info Filter"               "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT Switch Filter"         "Windows Live Video Acquisition Filters"       "Microsoft Corporation"     "c:\program files\windows live\photo gallery\wlxvafilt.dll"

+ "WMT Switch Filter"         "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters"       "Microsoft Corporation"     "c:\program files\windows live\photo gallery\wlxvafilt.dll"

+ "WMT Virtual Renderer" "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT Virtual Source"     "Windows Live Video Acquisition Filters"       "Microsoft Corporation"     "c:\program files\windows live\photo gallery\wlxvafilt.dll"

+ "WMT Virtual Source"     "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

+ "WMT Volume" "Windows Movie Maker Filters"       "Microsoft Corporation"     "c:\program files\movie maker\wmm2filt.dll"

"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" ""             ""             ""

+ "mdnsNSP"         "Bonjour Namespace Provider"        "Apple Inc."           "c:\program files\bonjour\mdnsnsp.dll"

"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"     ""             ""             ""

+ "PCL hpf3l082" "LanguageMonitor"             "Hewlett-Packard Company"             "c:\windows\system32\hpf3l082.dll"

+ "PCL hpz3l4x6" "LanguageMonitor"             "Hewlett-Packard Company"             "c:\windows\system32\hpz3l4x6.dll"

"C:\Users\groom\AppData\Local\Microsoft\Windows Sidebar\Settings.ini"           ""             ""             ""

+ ""         ""             ""             "C:\Program Files\windows sidebar\shared gadgets\News-Shop.gadget"

+ "Calendar"         "Browse the days of the calendar."  "Microsoft Corporation"     "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Gadget.xml"

+ "Calendar"         "Browse the days of the calendar."  "Microsoft Corporation"     "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Gadget.xml"

+ "Calendar"         "Browse the days of the calendar."  "Microsoft Corporation"     "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Gadget.xml"

+ "Clock"                "Watch the clock in your own time zone or any city in the world."           "Microsoft Corporation"     "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"

+ "Feed Headlines"              "Track the latest news, sports, and entertainment headlines."   "Microsoft Corporation"     "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"

+ "Slide Show"      "Show a continuous slide show of your pictures."         "Microsoft Corporation"     "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"

+ "ThinkVantage Status"      "Provides the TVT Application and status information."               "Lenovo Corporation"         "C:\Program Files\windows sidebar\shared gadgets\Tvtstatus.Gadget\Gadget.xml"



#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 07 March 2013 - 04:45 PM

Run malwarebytes,junkware removal tool in normal mode once again and post the clean log



#8 Sunshine8

Sunshine8
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 07 March 2013 - 08:05 PM

Okay,

Here are the new logs.

 

Thanks

Sunshine8

 

Malwarebytes log – 3-7-13

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.03.07.14

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

groom :: PARKER1 [administrator]

 

Protection: Disabled

 

3/7/2013 4:49:12 PM

mbam-log-2013-03-07 (16-49-12).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230307

Time elapsed: 42 minute(s), 33 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

Junkware scan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.9 (03.06.2013:1)

OS: Windows Vista ™ Home Premium x86

Ran by groom on Thu 03/07/2013 at 17:38:44.12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 03/07/2013 at 17:57:47.21

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 07 March 2013 - 08:10 PM

Current issues?



#10 Sunshine8

Sunshine8
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 08 March 2013 - 10:28 AM

So far, so good, but I haven't used it much yet. I'll make notes if/when things come up that seem odd.

Also, I would like to know your opinion if you think I need more RAM. I have 2GB now and I basically use the computer just for work (documents, spread sheets, occational Power points) and for casual home use such as web browsing and photo saving. Would getting more RAM change much for me? If so, what would you recommend based on my computer details (noted in first post).

 

And thank you again for all of your help. I was at my wits end and with just a few days of correspondence and direction things seem to be running well.

 

Cheers!

Sunshine8



#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 08 March 2013 - 10:33 AM

For the work you do,2 GB RAM is sufficient but if you still want to upgrade your RAM

 

Download

 

http://www.crucial.com/systemscanner/

 

This scanner should give you the details of RAM that is best for an upgrade.

 

good luck



#12 Sunshine8

Sunshine8
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 08 March 2013 - 04:11 PM

Thanks for the advice on the RAM.

I do have one error that keeps coming up. It appears whenever I try to click on a link in a webpage or when I try to open up multiple gmail accounts simultaneously. The error is

" Internet Explorer application error. The instruction at 0x77156e5f references memory 0x00000000. The memory could not be read. Click OK to terminate program."

 

So far that is the only thing that still seems to be happening after you helped me clean my system. This may not be virus related though.

 

Cheers.

Sunshine*



#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 08 March 2013 - 04:30 PM

Reset IE using this guide

 

http://support.microsoft.com/kb/923737

 

Any changes?



#14 Sunshine8

Sunshine8
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 08 March 2013 - 05:27 PM

Thanks, that seems to have done it.

Okay, now just one more thing... but you don't have to answer since I've taken so much of your time already.

My CPU usage still seems really high with spikes (and often times locking up) at 100%.

At the moment it shows two processes identically named "APSDaemon.exe" and described as Apple Push and both seem to use a lot of CPU, though not really all that much memory. I am not sure what this is. I do use some Apple stuff like Itunes and I plug my iphone and iPods in to charge and sync but none of those things are plugged in or running right now.

 

Again... thanks.s

Sunsine8



#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 08 March 2013 - 05:32 PM

Disable apple entries from startup and reboot.Any changes?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users