Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cant get rid of Fast Browser Search, BHO.dll, Causing slow PC


  • Please log in to reply
13 replies to this topic

#1 C.Ack

C.Ack

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 12 March 2013 - 10:17 PM

Mod edit ..Moved to Am I Infected ~~ boopme

 

 

Hi, my wife has been experiencing a very slow computer, slow web browsing, and just generally slow response

times with almost anything on the computer. I cleaned out several gigs of unneeded junk, uninstalled several

programs, disabled several browser add-ons, and then decided to run a full system virus scan with Avast!.

When finished, there were two threats:

 

C:\Program Files\SGPSA\BHO.dll
and
C:\Program Files\Fast Browser Search\IE\BHO.dll

 

I tried to move them to the chest, but there was an error for each: "Error: Access is denied (5)"
I dont know how to proceed from here. I have done nothing since the virus scan (except research.)
I did uninstall something called Search Guard Plus (My Web tattoo), and disabled a few browser search add-

ons while cleaning out her system. While in Internet Explorer, every time I open a new tab, it goes to Fast

Browser Search website.

Thank you for any help.


Edited by boopme, 12 March 2013 - 10:31 PM.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:55 PM

Posted 12 March 2013 - 10:19 PM

    

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg

  • Check Loaded Modules  and Detect TDLFS file systemDo not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png

  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg

  • Click Reboot computer
  • Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


    aswMBR1.png
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


    aswMBR2.png
  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

    esetsmartinstaller_enu.png

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results


 



#3 C.Ack

C.Ack
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 13 March 2013 - 09:10 PM

Thank you for the reply, here are the results:

 

TDSSKiller

I actually found 2 logs for TDSS, the first one- "TDSSKiller.2.8.16.0_13.03.2013_16.25.53_log"

 

16:25:53.0404 5488  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:25:55.0416 5488  ============================================================
16:25:55.0416 5488  Current date / time: 2013/03/13 16:25:55.0416
16:25:55.0416 5488  SystemInfo:
16:25:55.0416 5488 
16:25:55.0416 5488  OS Version: 6.0.6001 ServicePack: 1.0
16:25:55.0416 5488  Product type: Workstation
16:25:55.0416 5488  ComputerName: HEATHER-PC
16:25:55.0416 5488  UserName: admin
16:25:55.0416 5488  Windows directory: C:\Windows
16:25:55.0416 5488  System windows directory: C:\Windows
16:25:55.0416 5488  Processor architecture: Intel x86
16:25:55.0416 5488  Number of processors: 1
16:25:55.0416 5488  Page size: 0x1000
16:25:55.0416 5488  Boot type: Normal boot
16:25:55.0416 5488  ============================================================
16:26:05.0525 5488  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:26:08.0037 5488  ============================================================
16:26:08.0037 5488  \Device\Harddisk0\DR0:
16:26:08.0302 5488  MBR partitions:
16:26:08.0302 5488  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xDF21800
16:26:08.0302 5488  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF2AA000, BlocksNum 0xDF1B000
16:26:08.0302 5488  ============================================================
16:26:08.0692 5488  C: <-> \Device\Harddisk0\DR0\Partition1
16:26:10.0704 5488  D: <-> \Device\Harddisk0\DR0\Partition2
16:26:10.0704 5488  ============================================================
16:26:10.0704 5488  Initialize success
16:26:10.0704 5488  ============================================================
16:28:22.0198 5220  Deinitialize success
 

The second one, "TDSSKiller.2.8.16.0_13.03.2013_16.35.11_log" was empty.

 

aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-13 16:51:52
-----------------------------
16:51:52.888    OS Version: Windows 6.0.6001 Service Pack 1
16:51:52.888    Number of processors: 1 586 0xF0D
16:51:52.890    ComputerName: HEATHER-PC  UserName: admin
16:52:14.620    Initialize success
16:52:15.536    AVAST engine defs: 13031301
16:54:55.829    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:54:55.832    Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
16:54:55.854    Disk 0 MBR read successfully
16:54:55.857    Disk 0 MBR scan
16:54:55.861    Disk 0 unknown MBR code
16:54:55.868    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
16:54:55.889    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       114243 MB offset 20482048
16:54:55.932    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       114230 MB offset 254451712
16:54:55.941    Disk 0 scanning sectors +488394752
16:54:56.018    Disk 0 scanning C:\Windows\system32\drivers
16:55:09.837    Service scanning
16:55:47.698    Modules scanning
16:56:00.380    Disk 0 trace - called modules:
16:56:00.409    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys afd.sys dxgkrnl.sys igdkmd32.sys
16:56:00.414    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x848f3128]
16:56:00.420    3 CLASSPNP.SYS[805de745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83de1ba0]
16:56:01.077    AVAST engine scan C:\Windows
16:56:05.355    AVAST engine scan C:\Windows\system32
16:58:40.068    AVAST engine scan C:\Windows\system32\drivers
16:58:53.823    AVAST engine scan C:\Users\admin
16:59:57.179    AVAST engine scan C:\ProgramData
17:02:01.855    Scan finished successfully
17:02:47.304    Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
17:02:47.310    The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-13 16:51:52
-----------------------------
16:51:52.888    OS Version: Windows 6.0.6001 Service Pack 1
16:51:52.888    Number of processors: 1 586 0xF0D
16:51:52.890    ComputerName: HEATHER-PC  UserName: admin
16:52:14.620    Initialize success
16:52:15.536    AVAST engine defs: 13031301
16:54:55.829    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:54:55.832    Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
16:54:55.854    Disk 0 MBR read successfully
16:54:55.857    Disk 0 MBR scan
16:54:55.861    Disk 0 unknown MBR code
16:54:55.868    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
16:54:55.889    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       114243 MB offset 20482048
16:54:55.932    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       114230 MB offset 254451712
16:54:55.941    Disk 0 scanning sectors +488394752
16:54:56.018    Disk 0 scanning C:\Windows\system32\drivers
16:55:09.837    Service scanning
16:55:47.698    Modules scanning
16:56:00.380    Disk 0 trace - called modules:
16:56:00.409    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys afd.sys dxgkrnl.sys igdkmd32.sys
16:56:00.414    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x848f3128]
16:56:00.420    3 CLASSPNP.SYS[805de745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83de1ba0]
16:56:01.077    AVAST engine scan C:\Windows
16:56:05.355    AVAST engine scan C:\Windows\system32
16:58:40.068    AVAST engine scan C:\Windows\system32\drivers
16:58:53.823    AVAST engine scan C:\Users\admin
16:59:57.179    AVAST engine scan C:\ProgramData
17:02:01.855    Scan finished successfully
17:02:47.304    Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
17:02:47.310    The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
17:08:37.137    Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
17:08:37.147    The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"


ESET Online Scanner:

C:\Program Files\CouponAlert_2p\bar\1.bin\2pdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\Program Files\CouponAlert_2p\bar\1.bin\2phtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
C:\Program Files\CouponAlert_2p\bar\1.bin\2phtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Program Files\CouponAlert_2p\bar\1.bin\2pieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\CouponAlert_2p\bar\1.bin\2pPlugin.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\CouponAlert_2p\bar\1.bin\2pskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Users\admin\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\3E8348EA.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\Heather\AppData\Local\Temp\Bandoo.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3058c092-50a5236a multiple threats cleaned by deleting - quarantined
 



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:55 PM

Posted 13 March 2013 - 09:30 PM

Did TDSSkiller scan come out clean

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on the it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tooll by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log



#5 C.Ack

C.Ack
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 13 March 2013 - 10:45 PM

Ok, I follow you until AdwCleaner. When I click on the program, I get a prompt to enter the user account password, then it goes straight to the program. Once in the program, the first action is to click on "Delete?" or "Search?" Thanks.


Edited by C.Ack, 13 March 2013 - 10:46 PM.


#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:55 PM

Posted 13 March 2013 - 11:16 PM

Read my instructions again

  • Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe, select OK, then Run

  • Click on DELETE

  • A logfile will automatically open after the scan has finished

  • Copy and paste the contents in your reply

  • You can find the logfile at C:\AdwCleaner[R1].txt as well


Edited by narenxp, 13 March 2013 - 11:16 PM.


#7 C.Ack

C.Ack
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 13 March 2013 - 11:28 PM

With all due respect, I have the instructions right in front of me on a tablet right alongside the computer. I asked for those instructions to be a little more clear. I do not wish to do anything wrong. The instructions sound to me like the first thing I should do once inside the program is click "Delete." This does not make sense to me because how would the program know what to delete untill doing a search.



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:55 PM

Posted 13 March 2013 - 11:45 PM

Search option is not used by the tool to search for entries.Click on search button and you will get a log with registry entries  that will be deleted when you hit the DELETE key.This is kind of warning for users to know that no legitimate or critical registry entries are being removed by the tool.Search key is used by us to verify the entries and then hit the DELETE button.Please post the all the logs now.


Edited by narenxp, 13 March 2013 - 11:47 PM.


#9 C.Ack

C.Ack
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 14 March 2013 - 05:08 PM

Sorry I got short with you last night, here are the results:

 

Malwarebytes

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.14.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
admin :: HEATHER-PC [administrator]

3/13/2013 9:49:38 PM
mbam-log-2013-03-13 (21-49-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245962
Time elapsed: 16 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

MiniToolBox

MiniToolBox by Farbar  Version:05-03-2013
Ran by Heather (ATTENTION: The logged in user is not administrator) on 13-03-2013 at 22:27:00
Running from "C:\Users\Heather\Desktop"
Windows Vista ™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
The requested operation requires elevation.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Ralink 802.11n Wireless LAN Card = Wireless Network Connection (Connected)
Generic Marvell Yukon 88E8071 based Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Heather-pc
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : eau.wi.charter.com

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : eau.wi.charter.com
   Description . . . . . . . . . . . : Ralink 802.11n Wireless LAN Card
   Physical Address. . . . . . . . . : 00-24-2B-25-D7-45
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8c0a:e615:6153:45f3%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.115(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, March 13, 2013 4:29:51 PM
   Lease Expires . . . . . . . . . . : Thursday, March 14, 2013 4:29:49 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 24.196.64.53
                                       68.113.206.10
                                       24.178.162.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : eau.wi.charter.com
   Description . . . . . . . . . . . : Generic Marvell Yukon 88E8071 based Ethernet Controller
   Physical Address. . . . . . . . . : 00-1D-72-ED-1D-EE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{6EB5181C-B38D-47B3-A55F-7AF2AB38F316}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{6EB5181C-B38D-47B3-A55F-7AF2AB38F316}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:c2d:6d5:3f57:fe8c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::c2d:6d5:3f57:fe8c%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : eau.wi.charter.com
   Description . . . . . . . . . . . : isatap.eau.wi.charter.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{6EB5181C-B38D-47B3-A55F-7AF2AB38F316}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  vip01ftbgwi.ftbg.wi.charter.com
Address:  24.196.64.53

Name:    google.com
Addresses:  2001:4860:400a:800::1009
   74.125.225.5
   74.125.225.8
   74.125.225.9
   74.125.225.1
   74.125.225.7
   74.125.225.2
   74.125.225.14
   74.125.225.6
   74.125.225.3
   74.125.225.4
   74.125.225.0

 

Pinging google.com [74.125.225.131] with 32 bytes of data:

Reply from 74.125.225.131: bytes=32 time=30ms TTL=50

Reply from 74.125.225.131: bytes=32 time=63ms TTL=50

 

Ping statistics for 74.125.225.131:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 30ms, Maximum = 63ms, Average = 46ms

Server:  vip01ftbgwi.ftbg.wi.charter.com
Address:  24.196.64.53

Name:    yahoo.com
Addresses:  98.139.183.24
   98.138.253.109
   206.190.36.45

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=198ms TTL=47

Reply from 98.138.253.109: bytes=32 time=272ms TTL=47

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 198ms, Maximum = 272ms, Average = 235ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 24 2b 25 d7 45 ...... Ralink 802.11n Wireless LAN Card
 10 ...00 1d 72 ed 1d ee ...... Generic Marvell Yukon 88E8071 based Ethernet Controller
  1 ........................... Software Loopback Interface 1
 13 ...00 00 00 00 00 00 00 e0  isatap.{6EB5181C-B38D-47B3-A55F-7AF2AB38F316}
 16 ...00 00 00 00 00 00 00 e0  isatap.{6EB5181C-B38D-47B3-A55F-7AF2AB38F316}
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 15 ...00 00 00 00 00 00 00 e0  isatap.eau.wi.charter.com
 14 ...00 00 00 00 00 00 00 e0  isatap.{6EB5181C-B38D-47B3-A55F-7AF2AB38F316}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.115     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.115    286
    192.168.1.115  255.255.255.255         On-link     192.168.1.115    286
    192.168.1.255  255.255.255.255         On-link     192.168.1.115    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.115    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.115    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     18 2001::/32                On-link
 12    266 2001:0:9d38:6ab8:c2d:6d5:3f57:fe8c/128
                                    On-link
 11    286 fe80::/64                On-link
 12    266 fe80::/64                On-link
 12    266 fe80::c2d:6d5:3f57:fe8c/128
                                    On-link
 11    286 fe80::8c0a:e615:6153:45f3/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
 11    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/13/2013 09:46:41 PM) (Source: profsvc) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The specified path is invalid.

Error: (03/13/2013 09:46:40 PM) (Source: profsvc) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The specified path is invalid.

Error: (03/13/2013 09:01:25 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(Officejet\0326500\032E710n-z\032[7FD0A9]._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (03/13/2013 09:01:25 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(Officejet\0326500\032E710n-z\032[7FD0A9]._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (03/13/2013 08:42:34 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(Officejet\0326500\032E710n-z\032[7FD0A9]._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (03/13/2013 08:42:34 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(Officejet\0326500\032E710n-z\032[7FD0A9]._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (03/13/2013 07:30:05 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program MobileDeviceService because of this error.

Program: MobileDeviceService
File: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (03/13/2013 07:30:05 PM) (Source: Application Error) (User: )
Description: Faulting application AppleMobileDeviceService.exe, version 17.88.0.8, time stamp 0x4e66ceff, faulting module AppleMobileDeviceService_main.dll, version 17.88.0.8, time stamp 0x4ea62600, exception code 0xc0000006, fault offset 0x00016122,
process id 0x82c, application start time 0xAppleMobileDeviceService.exe0.

Error: (03/13/2013 07:30:05 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program ActiveAccess because of this error.

Program: ActiveAccess
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 0

Error: (03/13/2013 07:30:04 PM) (Source: Application Error) (User: )
Description: Faulting application TrueWeather.exe, version 2.0.0.34, time stamp 0x4868e5e5, faulting module TrueWeather.exe, version 2.0.0.34, time stamp 0x4868e5e5, exception code 0xc0000006, fault offset 0x0004ae17,
process id 0x690, application start time 0xTrueWeather.exe0.


System errors:
=============
Error: (06/27/2012 00:29:53 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:00:19 AM on 6/26/2012 was unexpected.

Error: (06/25/2012 09:14:24 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer CHRIS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6EB5181C-B38D-47B3-A55F-7AF2AB38F.
The master browser is stopping or an election is being forced.

Error: (06/24/2012 09:35:34 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%2147949456

Error: (06/24/2012 09:35:13 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/24/2012 09:35:00 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.

 Expiration Reason: %%873

 Expiration Date (UTC): ?6/?25/?2012 2:35:00 AM

 Error Code: 0x80092003

 Error Description: An error occurred while reading or writing to a file.

Error: (06/24/2012 09:34:56 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/24/2012 09:34:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: C:\Windows\system32\RAIHV.dll126

Error: (06/24/2012 09:34:51 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:12:32 PM on 6/24/2012 was unexpected.

Error: (06/23/2012 10:52:38 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/23/2012 10:51:29 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%2147949456


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-03-13 21:53:28.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:53:28.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:53:28.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:53:27.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:53:27.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:53:27.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:53:25.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:53:25.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:53:25.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:53:24.867
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 2.1.5)
AC3Filter 1.63b (Version: 1.63b)
Acer Arcade Deluxe (Version: 2.0.5225)
Acer Assist
Acer Crystal Eye Webcam 2.0.9.2 (Version: 2.0.9.2)
Acer eDataSecurity Management (Version: 3.0.3062)
Acer Empowering Technology (Version: 3.0.3006)
Acer ePower Management (Version: 3.0.3012)
Acer eRecovery Management (Version: 3.0.3013)
Acer eSettings Management (Version: 3.0.3007)
Acer GameZone Console 2.0.1.1
Acer GridVista (Version: 2.72.317)
Acer Mobility Center Plug-In (Version: 3.0.3000)
Acer Registration
Acer ScreenSaver (Version: 1.11.0805)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware
Ad-Aware (Version: 8.0.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Reader 9 (Version: 9.0.0)
Agatha Christie Death on the Nile
Agere Systems HDA Modem
aiofw (Version: 4.2.6.0)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 4.2.6.0)
Alabama Smith in Escape from Pompeii
Alice Greenfingers
Annabel
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1483.0)
Azada
Backspin Billiards
Best Game Hits 1-4 (Version: 2.00.10.08.27)
Big Fish Games Client (Version: 1.3.0.6)
Big Kahuna Reef
Bonjour (Version: 3.0.0.10)
Bookworm Deluxe
Bricks of Egypt
C4USelfUpdater (Version: 1.00.0000)
Cake Mania
Call of Atlantis
Can You See What I See?
center (Version: 5.0.0.0)
Chicken Invaders 3
Choice Guard (Version: 1.2.87.0)
Chuzzle
ClickArt 50,000
Cooking Quest
Coupon Alert
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.0)
Creating Keepsakes Scrapbook Designer (Version: 1.00.0000)
Diner Dash Flo on the Go
Dream Day First Home
Dream Day Wedding
Elizabeth Find, MD - Diagnosis Mystery
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Farm Frenzy – Pizza Party!
Flip Words 2
Game Collection 500,000 (Version: 2.00.10.08.26)
Google Chrome (Version: 25.0.1364.172)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.135)
Graboid Video 1.73 (Version: 1.73)
Haunted Hotel II: Believe the Lies
Heroes Of Hellas
Hidden in Time: Mirror Mirror
Holly 2 - Magic Land
Holly: A Christmas Tale Deluxe
HPSSupply (Version: 110.0.180.000)
Insider Tales – The stolen Venus
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.5.3.3)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 12 (Version: 6.0.120)
Jewel Quest Solitaire
Junk Mail filter update (Version: 14.0.8064.206)
Kick N Rush
KODAK AiO Home Center (Version: 5.4.6.4)
ksDIP (Version: 3.20.0000.0001)
Launch Manager
Learning Lodge Navigator
LightScribe  1.4.142.1 (Version: 1.4.142.1)
Little Shop - Road Trip
Little Shop of Treasures
Magic Encyclopedia - Moon Light
Magic Encyclopedia. First Story
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Marvell Miniport Driver (Version: 10.55.3.3)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Publishing Wizard 1.52
Microsoft Works (Version: 08.05.0818)
MSVCRT (Version: 14.0.1468.721)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery Case Files - Huntsville
Mystery Cookbook
Mystery Solitaire
Mystery Solitaire - Secret Island
Mystic Diary: Lost Brother
Natalie Brooks - Secrets of Treasure House
Natalie Brooks - The Treasures of the Lost Kingdom
NBC15 News Desktop Alert
NTI Backup Now 5 (Version: 5.1.2.503)
NTI Backup Now Standard (Version: 5.1.2.503)
NTI Media Maker 8 (Version: 8.0.2.6322)
PhotoNow! (Version: 1.1.4619)
PowerDirector (Version: 6.5.2713)
PreReq (Version: 6.0.5.2)
Pretty In Pink
QuickTime (Version: 7.60.92.0)
Realtek High Definition Audio Driver (Version: 6.0.1.5643)
Realtek USB 2.0 Card Reader (Version: 3.0.1.3)
Scepter of Ra
Shop for HP Supplies (Version: 11.0)
Skype™ 5.10 (Version: 5.10.116)
Sprill - The Mystery of The Bermuda Triangle
Sprill and Ritchie - Adventures In Time
Synaptics Pointing Device Driver (Version: 11.1.4.0)
The Curse Of Montezuma
The Treasures Of Mystery Island
TouchFreeze (Version: 1.0.2)
Treasure Masters, Inc.
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
vGrabber (Version: 1.14)
Virtual Earth 3D (Beta) (Version: 3.0.808.29001)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VIVA MEDIA GAME CENTER
VLC media player 1.0.1 (Version: 1.0.1)
VTech Download Agent Library (Version: 1.00.0000)
Wedding Dash
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8064.0206)
Windows Live Essentials (Version: 14.0.8064.206)
Windows Live Mail (Version: 14.0.8064.0206)
Windows Live Photo Gallery (Version: 14.0.8064.206)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! Messenger
Yard Sale Hidden Treasures: Sunnyville
Yard Sale Junkie
Zuma Deluxe

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 1976.13 MB
Available physical RAM: 929.84 MB
Total Pagefile: 4197.55 MB
Available Pagefile: 2617.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.51 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:111.57 GB) (Free:59.04 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:111.55 GB) (Free:95.37 GB) NTFS

========================= Users: ========================================

User accounts for \\HEATHER-PC

admin                    Administrator            ASPNET                  
Guest                    Heather                 


**** End of log ****

 

FSS

Farbar Service Scanner Version: 03-03-2013
Ran by Heather (ATTENTION: The logged in user is not administrator) on 13-03-2013 at 22:32:46
Running from "C:\Users\Heather\Desktop"
Windows Vista ™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 22:09] - [2011-04-21 08:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-18 19:38] - [2010-06-16 10:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 23:13] - [2011-03-02 09:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2010-08-18 19:38] - [2010-06-16 10:09] - 0328704 ____A (Microsoft Corporation) D3E6D78285529962349A7F1617035938

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-20 21:33] - [2008-01-20 21:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-12-23 08:49] - [2008-12-23 08:49] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-04-13 17:59] - [2010-02-18 09:11] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-15 19:23] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

 

**** End of log ****

 

AdwCleaner

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 22:54:29
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 1 (32 bits)
# User : admin - HEATHER-PC
# Boot Mode : Normal
# Running from : C:\Users\Heather\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\admin\Desktop\vGrabber.lnk
Folder Found : C:\Program Files\CouponAlert_2p
Folder Found : C:\Program Files\Fast Browser Search
Folder Found : C:\Program Files\FunWebProducts
Folder Found : C:\Program Files\Search Guard Plus
Folder Found : C:\Program Files\Search Guard PlusU
Folder Found : C:\Program Files\SGPSA
Folder Found : C:\Program Files\v-Grabber
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\admin\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\admin\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
Folder Found : C:\Users\Heather\AppData\LocalLow\CouponAlert_2p
Folder Found : C:\Users\Heather\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\Heather\AppData\LocalLow\Inbox Toolbar
Folder Found : C:\Users\Heather\AppData\LocalLow\MyWebSearch

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus Updater
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1948934A-1C68-4B2B-9A1F-D12E2A062A1A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1F0A2185-DA7E-4614-91C0-DD5F4A76CB1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{23B0AE65-17D2-4491-98E5-B1AA6228DDA2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{23B38049-323F-443D-9732-F454E5B15B72}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D205ADF-C992-4EDA-99C3-096E13F38AB4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3462C343-BE19-4143-AF70-CEFB56F46FC6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{411B1946-3277-4A7F-9F60-745266360613}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{457A4CB8-0391-409D-98B4-C4CCB2849670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4D8EACBC-E293-4462-B91E-42EA5B54B743}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60E91567-EF8A-4520-BCE2-83ABA5256799}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7717F4B3-397F-4CE5-9192-6EFFDE3AC999}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{84576F6E-0660-4B4F-8918-BC6C975044D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86D02BCF-0E0E-444F-8A8D-2D5C4A9E6578}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DEF07ACD-BCEA-4269-933A-4087D20842BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBBC4E43-292A-40DF-88E3-3262B7521460}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.ToolbarPlugin
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.ToolbarPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Client
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Script
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Server
Key Found : HKLM\SOFTWARE\Classes\FunWebProductsInstaller.Start
Key Found : HKLM\SOFTWARE\Classes\FunWebProductsInstaller.Start.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\TBSB07183.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB07183.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07183.TBSB07183
Key Found : HKLM\SOFTWARE\Classes\TBSB07183.TBSB07183.3
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D4DB7D0-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{20BCCE5A-C687-46FF-8DD2-AD8235F5F2B4}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3276E8A8-A233-449B-A7EB-FCEE21246018}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{53CA18E7-5223-4358-9FD9-97C62C66C5BD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{60FC9013-4A5A-4306-9695-FCE0A6617F22}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7924FD2B-877C-4395-A063-A88AB887EA6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79583DE9-D0C2-44EF-AE0D-CBFA16C2A785}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8542E415-0E53-4261-8BE4-0D1598229D90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A4116F8C-A634-4536-B9EF-6B9EBCC5BAE1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7CE22AF-CCB3-423F-84D5-4D77152181F3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EBAF2B4F-510A-47C7-86BA-E7D94D1162F6}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\CouponAlert_2p
Key Found : HKLM\Software\FunWebProducts
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Found : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall
Key Found : HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin
Key Found : HKU\S-1-5-21-2860995476-1793448324-1931068449-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKU\S-1-5-21-2860995476-1793448324-1931068449-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKU\S-1-5-21-2860995476-1793448324-1931068449-1001\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Found : HKU\S-1-5-21-2860995476-1793448324-1931068449-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7B9F8C21-46EC-4C0B-8683-E755EF84577A}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3462C343-BE19-4143-AF70-CEFB56F46FC6}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CouponAlert_2p Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [2pffxtbr@CouponAlert_2p.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.fastbrowsersearch.com/new-tab/?v=13&tid={1D69F07E-816F-492a-A1CD-BAD791A4387F}

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19768 octets] - [13/03/2013 22:54:29]
AdwCleaner[S1].txt - [372 octets] - [13/03/2013 22:35:47]

########## EOF - \AdwCleaner[R1].txt - [19888 octets] ##########

 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows Vista ™ Home Basic x86
Ran by admin on Wed 03/13/2013 at 23:59:03.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a531d99c-5a22-449b-83da-872725c6d0ed}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\admin\appdata\locallow\couponalert_2pei"
Successfully deleted: [Folder] "C:\Program Files\couponalert_2p"
Successfully deleted: [Folder] "C:\Program Files\couponalert_2pei"
Successfully deleted: [Folder] "C:\Program Files\coupons"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/14/2013 at  0:03:27.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Rkill

[Did not run. repeatedly insisted that AppData did not exist, terminated. Link 1 was a bad link, links 2,3,4 downoaded, run, same results.]

 

Autoruns

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acer Assist Launcher" "Acer Assist Launcher" "Acer Inc." "c:\program files\acer\acer assist\launcher.exe"
+ "Acer Product Registration" "Acer Product Registration" "Leader Technologies" "c:\program files\acer\acer registration\ace1.exe"
+ "Ad-Watch" "Ad-Aware Tray Application" "Lavasoft" "c:\program files\lavasoft\ad-aware\aawtray.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "AgentMonitor" "AgentMon Application" "" "c:\program files\vtech\downloadmanager\system\agentmonitor.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ArcadeDeluxeAgent" "Acer Arcade Deluxe Resident Program" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
+ "BkupTray" "NTI Backup Now 5 Tray Module" "" "c:\program files\newtech infosystems\nti backup now 5\bkuptray.exe"
+ "CLMLServer" "Acer Arcade Deluxe MediaLibrary Service" "CyberLink" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\clmlsvc.exe"
+ "Coupon Alert Search Scope Monitor" "" "" "File not found: C:\PROGRA~1\COUPON~2\bar\1.bin\2psrchmn.exe"
+ "eDataSecurity Loader" "Acer eDataSecurity Management Loader" "Egis Incorporated" "c:\program files\acer\empowering technology\edatasecurity\x86\edsloader.exe"
+ "EKIJ5000StatusMonitor" "Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)" "Eastman Kodak Company" "c:\windows\system32\spool\drivers\w32x86\3\ekij5000mui.exe"
+ "ePower_DMC" "Acer ePower Management - DMC" "Acer Inc." "c:\program files\acer\empowering technology\epower\epower_dmc.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "LManager" "Acer Launch Manager Keyboard Application" "Dritek System Inc." "c:\program files\launch manager\lmanager.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "PlayMovie" "Acer Arcade Deluxe PlayMovie Resident Program" "Acer Corp." "c:\program files\acer arcade deluxe\playmovie\pmvservice.exe"
+ "PLFSetI" "DefaultSettingEXE MFC Application" "" "c:\windows\plfseti.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\windows\rthdvcpl.exe"
+ "Skytel" "Realtek Voice  Manager" "Realtek Semiconductor Corp." "c:\windows\skytel.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\001" "" "" ""
+ "1" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "D7FDEEA3-8190-4154-AB4F-4823B7508603" "" "" "File not found: C:\Users\admin\AppData\Local\Temp"
+ "DeleteDir[CD8] Search Guard Plus" "" "" "File not found: RD"
+ "DeleteDir[CD8] Search Guard Plus Updater" "" "" "File not found: RD"
+ "DeleteDir[CD8] SGPSA" "" "" "File not found: RD"
+ "Malwarebytes Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamgui.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Creating Keepsakes Scrapbook Designer Event Reminder.lnk" "Application Support File" "Broderbund Properties LLC" "c:\program files\scrapbook designer\scrapremind.exe"
+ "NBC15 News Desktop Alert.lnk" "" "BIA Information Network" "c:\program files\common files\nbc15 news desktop alert\trueweather.exe"
"C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2007 Screen Clipper and Launcher.lnk" "Microsoft Office OneNote Quick Launcher" "Microsoft Corporation" "c:\program files\microsoft office\office12\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe"
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "CSmileys" "" "" "File not found: C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
+ "Facebook Update" "Facebook Installer" "Facebook Inc." "c:\users\heather\appdata\local\facebook\update\facebookupdate.exe"
+ "TouchFreeze" "TouchFreeze Application" "" "c:\program files\touchfreeze\touchfreeze.exe"
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "YSearchProtection" "" "" "File not found: C:\Program Files\Yahoo!\Search Protection\YspService.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "AutoLaunch" "" "" "c:\program files\lavasoft\ad-aware\autolaunch.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "EDSshellExt" "Acer eDataSecurity Management Explorer Shell Extension" "Egis Incorporated." "c:\program files\acer\empowering technology\edatasecurity\x86\edsshellext.dll"
+ "LavasoftShellExt" "Shell Extension" "" "c:\program files\lavasoft\ad-aware\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EDSshellExt" "Acer eDataSecurity Management Explorer Shell Extension" "Egis Incorporated." "c:\program files\acer\empowering technology\edatasecurity\x86\edsshellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "LavasoftShellExt" "Shell Extension" "" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "egisPSDP" "Egis Inc. PSD DragDrop Protection" "Egis Inc." "c:\program files\acer\empowering technology\edatasecurity\x86\psdprotect.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "ShowBarObj Class" "ActiveToolBand Module" "Egis" "c:\program files\acer\empowering technology\edatasecurity\x86\activetoolband.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "2pSrcAs.dll" "" "" "File not found: C:\Program Files\CouponAlert_2p\bar\1.bin\2pSrcAs.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Acer eDataSecurity Management" "Acer eDataSecurity Management Explorer Toolbar" "Egis Incorporated." "c:\program files\acer\empowering technology\edatasecurity\x86\edstoolbar.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-2860995476-1793448324-1931068449-1001Core" "Facebook Installer" "Facebook Inc." "c:\users\heather\appdata\local\facebook\update\facebookupdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-2860995476-1793448324-1931068449-1001UA" "Facebook Installer" "Facebook Inc." "c:\users\heather\appdata\local\facebook\update\facebookupdate.exe"
+ "\Microsoft\Microsoft Antimalware\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\antimalware\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\{0EC0718F-BE03-4499-9BD6-4DCB318BEC07}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{280FCE8F-61D6-4474-BA45-A29DB6FE41FD}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{384778F0-52DA-4386-B04E-95BB489066FF}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{49B30CE2-C2D3-4BA9-BB30-B615D3FB3586}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{8C96CE30-023A-4954-8C07-89AB8B9D4409}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{8F5945F0-9EE7-4F35-8F67-FDEDB1DEF2B9}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{BF9A2F83-476C-423C-BE26-23FEB0B3EAB4}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{C09E9BC9-4856-485B-9DA2-D9EB84C8B61C}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{D2B98170-8151-4DD2-87E2-65C822F8C30E}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{E6D3BF26-4948-4F47-8CD0-E7CDB9ECDB62}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{E9E1F4BF-6D7A-4E42-ABE5-C9C5BFCD6312}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{FD6B98A8-424D-49DD-8023-A80F29D0BE12}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
+ "\{FF1FBFD8-AF74-427C-8AA8-C86D0AAB5707}" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\chrome.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AgereModemAudio" "Agere Soft Modem Call Progress Service" "Agere Systems" "c:\windows\system32\agrsmsvc.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "BUNAgentSvc" "NTI Backup Now 5 Agent Service" "NewTech Infosystems, Inc." "c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe"
+ "CLHNService" "CLHNService" "" "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clhnservice.exe"
+ "eDataSecurity Service" "eDataSecurity Service" "Egis Incorporated" "c:\program files\acer\empowering technology\edatasecurity\x86\edsservice.exe"
+ "ETService" "Acer Empowering Technology Service" "" "c:\program files\acer\empowering technology\service\etservice.exe"
+ "gupdate1c99ebd6b332010" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "Kodak AiO Network Discovery Service" "EKDiscovery Module for Kodak AiO Printers" "Eastman Kodak Company" "c:\program files\kodak\aio\center\ekdiscovery.exe"
+ "Lavasoft Ad-Aware Service" "Ad-Aware Service" "Lavasoft" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "MobilityService" "app" "" "c:\acer\mobility center\mobilityservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\antimalware\msmpeng.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\antimalware\nissrv.exe"
+ "NTIBackupSvc" "NTI Backup Now 5 Backup service for backup(restore).  " "NewTech InfoSystems, Inc." "c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe"
+ "NTISchedulerSvc" "NTI Backup Now 5 Manage BackupNow backup jobs and  etc..." "" "c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "RichVideo" "RichVideo Module" "" "c:\program files\cyberlink\shared files\richvideo.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMonFlt" "avast! mini-filter driver (aswMonFlt)" "AVAST Software" "c:\windows\system32\drivers\aswmonflt.sys"
+ "AswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswRvrt" "avast! Revert" "" "c:\windows\system32\drivers\aswrvrt.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "aswVmm" "avast! VM Monitor" "" "c:\windows\system32\drivers\aswvmm.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "DKbFltr" "Dritek PS2 Keyboard Filter Driver" "Dritek System Inc." "c:\windows\system32\drivers\dkbfltr.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl3.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "int15" "Acer int15 service" "Acer, Inc." "c:\windows\system32\drivers\int15.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "Lavasoft AB" "c:\windows\system32\drivers\lbd.sys"
+ "netr28" "Ralink 802.11 Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\netr28.sys"
+ "NSCIRDA" "NSC Fast Infrared Driver." "National Semiconductor Corporation" "c:\windows\system32\drivers\nscirda.sys"
+ "NTIDrvr" "NTI CD-ROM Filter Driver" "NewTech Infosystems, Inc." "c:\windows\system32\drivers\ntidrvr.sys"
+ "NTIPPKernel" "NTIPPKernel Driver" "Cyberlink Corp." "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\ntippkernel.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "PSDFilter" "PSDFilter Filter Driver" "Egis Incorporated" "c:\windows\system32\drivers\psdfilter.sys"
+ "PSDNServ" "PSDNServ Driver" "Egis Incorporated" "c:\windows\system32\drivers\psdnserv.sys"
+ "psdvdisk" "PSDVdisk Driver" "Egis Incorporated" "c:\windows\system32\drivers\psdvdisk.sys"
+ "RTSTOR" "Realtek USB Mass Storage Driver for Vista" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtstor.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "UBHelper" "NTI CDROM Filter Driver" "NewTech Infosystems Corporation" "c:\windows\system32\drivers\ubhelper.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt3.sys"
+ "WinDriver6" "WinDriver Device Driver 10.10" "Jungo" "c:\windows\system32\drivers\windrvr6.sys"
+ "WSVD" "WIN32" "Wasay" "c:\windows\system32\drivers\wsvd.sys"
+ "yukonwlh" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk60x86.sys"
+ "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" "FCL Driver" "Cyberlink Corp." "c:\program files\acer arcade deluxe\playmovie\000.fcl"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3filter" "" "" "c:\windows\system32\ac3filter.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3Filter" "ac3filter" "" "c:\program files\ac3filter\ac3filter.ax"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "BRCM HD Decoder (PLAYMV)" "bcmDFilter Dynamic Link Library" "Broadcom Corporation" "c:\program files\acer arcade deluxe\playmovie\videofilter\bcmdfilter.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "CL_EVRWindow" "CLEvr" "CyberLink Corp." "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clevr.dll"
+ "CyberLink AudAna Filter" "CLAudAna" "CyberLink" "c:\program files\cyberlink\powerdirector\pdaudana.dll"
+ "CyberLink Audio Commercial Cut Analyzer" "CLAudCM" "Cyberlink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\claudcm.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\claud.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\claud61.ax"
+ "CyberLink Audio Decoder (PCM45)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\claud.ax"
+ "CyberLink Audio Decoder (PLAYMV)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\playmovie\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PCM45)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\claudfx.ax"
+ "CyberLink Audio Effect (PLAYMV)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\acer arcade deluxe\playmovie\audiofilter\claudfx.ax"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\claunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdaursmpl.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\claursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\claudspa.ax"
+ "CyberLink Audio Spectrum Analyzer (HomeNetwork)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\claudspa.ax"
+ "CyberLink Audio Wizard (PCM45)" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\claudwizard.ax"
+ "CyberLink Audio Wizard (PMV)" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\playmovie\audiofilter\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\claudiocd.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdaudiocd.ax"
+ "Cyberlink Byte Counter Filter" "Cyberlink Byte Counter Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdirector\pdbytecounter.ax"
+ "CyberLink DDR" "CyberLink DDR" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdrender.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\cldemuxer.ax"
+ "CyberLink Demultiplexer (PCM45)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\cldemuxer.ax"
+ "CyberLink Demultiplexer(Scramble)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\cldemuxer.ax"
+ "CyberLink Double Pin Tee" "Cyberlink Double Tee Filter" "CtberLink Corporation" "c:\program files\cyberlink\powerdirector\pddoubletee.ax"
+ "CyberLink DV Buffer" "CLDVBuffer Filter" "CyberLink" "c:\program files\cyberlink\powerdirector\pddvbuffer.ax"
+ "CyberLink DV Dump Filter" "DV dump Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdirector\pddvdump.ax"
+ "CyberLink DV Filter" "DVTCR" "CyberLink" "c:\program files\cyberlink\powerdirector\pddvtcr.ax"
+ "CyberLink DV Reader Filter" "DVMultReader Filter" "CyberLink" "c:\program files\cyberlink\powerdirector\pddvmrd.ax"
+ "Cyberlink DV Scene Detect Filter" "CLDVScnDt" "CyberLink" "c:\program files\cyberlink\powerdirector\pddvscndt.ax"
+ "CyberLink DVD Navigator (PCM45)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\clnavx.ax"
+ "CyberLink DVD Navigator (PLAYMV)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\playmovie\navfilter\clnavx.ax"
+ "CyberLink Editing Service 4.0 (Source)" "CES Kernel (LT15)" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\cledtkrn.dll"
+ "Cyberlink Gate Filter" "CLGate" "CyberLink" "c:\program files\cyberlink\powerdirector\pdgate.ax"
+ "CyberLink HDV Source Filter" "CLImage" "CyberLink" "c:\program files\cyberlink\powerdirector\pdhdvsrc.ax"
+ "CyberLink Line21 Decoder (PLAYMV)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\playmovie\videofilter\clline21.ax"
+ "CyberLink Line21 Decoder Filter (PCM45)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\clline21.ax"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\climage.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\clsplter.ax"
+ "CyberLink MPEG Splitter(Scramble)" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clsplter.ax"
+ "CyberLink MPEGV Analyzer" "CLMPEGAnalysis" "CyberLink" "c:\program files\cyberlink\powerdirector\pdh264frameparser.ax"
+ "CyberLink Push-Mode CLStream" "CLStream" "CyberLink" "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clstream(pushmode).ax"
+ "CyberLink Push-Mode CLStream (cURL)" "CLStream" "CyberLink" "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clstream(multilib).ax"
+ "CyberLink SAC Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clvsd.ax"
+ "Cyberlink Scene Detect Filter" "CLScnDt" "CyberLink" "c:\program files\cyberlink\powerdirector\pdscndt.ax"
+ "CyberLink Scene Detect Filter 2" "CLScnDt2" "訊連科技" "c:\program files\cyberlink\powerdirector\pdscndt2.dll"
+ "CyberLink Scene Detect Filter 2" "CLScnDt2" "訊連科技" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\clscndt2.dll"
+ "CyberLink SnapShot Filter" "CLSnapShot Filter" "CyberLink" "c:\program files\cyberlink\powerdirector\pdsnapshot.ax"
+ "CyberLink Stamp Effect" "" "CyberLink corporate" "c:\program files\cyberlink\powerdirector\pdstampeffect.ax"
+ "Cyberlink Streamming Filter" "Cyberlink Streaming Source Filter(Scramble)" "CyberLink Corp." "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clstream.ax"
+ "Cyberlink Sub-Picture Filter" "Cyberlink Sub-Picture Filter" "Cyberlink" "c:\program files\cyberlink\powerdirector\pdsubpic.ax"
+ "Cyberlink SubTitle (PMV)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\acer arcade deluxe\playmovie\videofilter\clsubtitle.ax"
+ "Cyberlink SubTitle Importor (PCM45)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\clauts.ax"
+ "CyberLink TimeStretch Filter (PLAYMV)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\acer arcade deluxe\playmovie\audiofilter\clauts.ax"
+ "CyberLink TimeStretch Filter(HomeNetwork)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\cltlmsplter.ax"
+ "CyberLink Transform Tee" "CyberLink Transform Tee" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdtee.ax"
+ "Cyberlink TS Filter Filter" "TSFF" "Cyberlink" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\cltsff.ax"
+ "Cyberlink TS Information" "CLTSInfo" "Cyberlink" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\cltsinfo.ax"
+ "CyberLink Tzan Filter (PLAYMV)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\playmovie\videofilter\cltzan.ax"
+ "CyberLink VAudAna Filter" "CLVAudAna" "CyberLink" "c:\program files\cyberlink\powerdirector\pdvaudana.dll"
+ "CyberLink VidAna Filter" "CLVidAna" "CyberLink" "c:\program files\cyberlink\powerdirector\pdvidana.dll"
+ "CyberLink Video Effect (PCM45)" "CLVidFx" "CyberLink" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\clvidfx.ax"
+ "CyberLink Video Effect (PLAYMV)" "CLVidFx" "CyberLink" "c:\program files\acer arcade deluxe\playmovie\videofilter\clvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\clrgl.ax"
+ "Cyberlink Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files\cyberlink\powerdirector\pdresample.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\clvsd.ax"
+ "CyberLink Video/SP Decoder (PCM45)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\clvsd.ax"
+ "CyberLink Video/SP Decoder (PLAYMV)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\playmovie\videofilter\clvsd.ax"
+ "CyberLink Video/SP Decoder (ShEX)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\climagevsd.ax"
+ "CyberLink WMV/WMA Demultiplexer" "WMV/WMA Demux" "CyberLink" "c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clwmfdemux.ax"
+ "CyberLink YUY2 DeInterlace" "DitlYuY2" "CyberLink" "c:\program files\cyberlink\powerdirector\pdditlyuy2.ax"
+ "CyberLink YUY2 Sub-Sampling" "SubYUY2 Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdsubyuy2.ax"
+ "Frame Drop Filter" "TODO: <File description>" "TODO: <Company name>" "c:\program files\cyberlink\powerdirector\pdframedrop.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "IDM Filter" "idmf" "Cyberlink" "c:\program files\cyberlink\powerdirector\pdidmf.ax"
+ "IDM Filter" "idmf" "Cyberlink" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\video\idmf.ax"
+ "MainConcept MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\newtech infosystems\nti media maker 8\media maker\mceampeg.ax"
+ "MainConcept MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files\newtech infosystems\nti media maker 8\media maker\mcesmpeg.ax"
+ "MainConcept MPEG Multiplexer" "MPEG Multiplexer" "MainConcept AG" "c:\program files\newtech infosystems\nti media maker 8\media maker\mcmuxmpeg.ax"
+ "MainConcept MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\newtech infosystems\nti media maker 8\media maker\mcspmpeg.ax"
+ "MainConcept MPEG Video Encoder" "MPEG Video Encoder" "MainConcept AG" "c:\program files\newtech infosystems\nti media maker 8\media maker\mcevmpeg.ax"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\hximagefilter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
+ "PDR Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdaud.ax"
+ "PDR Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdirector\pdaudfx.ax"
+ "PDR Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files\cyberlink\powerdirector\pdaudenc.ax"
+ "PDR Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\claunrwrapper.ax"
+ "PDR Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pddemuxer.ax"
+ "PDR Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pddumpdispatch.ax"
+ "PDR Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pddump.ax"
+ "PDR DVSD Modifier" "Cyberlink DVSD Modifier" "Cyberlink Corp." "c:\program files\cyberlink\powerdirector\dvsdmodifier.ax"
+ "PDR File Reader (Async)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdreader.ax"
+ "PDR H.264/AVC Decoder" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pd264dec.ax"
+ "PDR M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files\cyberlink\powerdirector\pdm2vwriter.ax"
+ "PDR MPEG Muxer" "MpgMux" "CyberLink" "c:\program files\cyberlink\powerdirector\pdmpgmux.ax"
+ "PDR MPEG Video Encoder" "CyberLink MPEG Video Encoder                               " "CyberLink Corp.                                            " "c:\program files\cyberlink\powerdirector\pdvidenc.ax"
+ "PDR MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdm1splter.ax"
+ "PDR MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdm2splter.ax"
+ "PDR MPEG-4 Muxer" "PDR MPEG-4 Muxer" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdm4muxer.ax"
+ "PDR MPEG-4 Splitter" "PDR MPEG-4 Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdm4splt.ax"
+ "PDR MPEG1/2 Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdvsd.ax"
+ "PDR SnapShotTIP Filter" "CLSShot" "CyberLink" "c:\program files\cyberlink\powerdirector\pdsshot.ax"
+ "PDR TimeStretch Filter(CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\clauts.ax"
+ "PDR TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdirector\pdtlmsplter.ax"
+ "PDR TS Information" "CLTSInfo" "Cyberlink" "c:\program files\cyberlink\powerdirector\pdtsinfo.ax"
+ "PDR Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdirector\clvidfx.ax"
+ "PDR Video Regulator" "Video Regulator" "Cyberlink" "c:\program files\cyberlink\powerdirector\clrgl.ax"
+ "PDR Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files\cyberlink\powerdirector\clvideostabilizer.ax"
+ "PDR WAV Dest" "CLWavDest" "CyberLink" "c:\program files\cyberlink\powerdirector\pdwavdest.ax"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "QTSrc" "QuickTime Source Filter" "CyberLink Corp" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\clqtsrc.ax"
+ "QTWriter" "CLQTFileWriter" "Cyberlink" "c:\program files\cyberlink\powerdirector\pdqtfilewriter.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "RMWriter" "CLRMFileWriter" "Cyberlink" "c:\program files\cyberlink\powerdirector\pdrmfilewriter.ax"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SlideShow" "" "" "c:\program files\newtech infosystems\nti media maker 8\photo maker\slideshow.ax"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Time Regulator" "TimeRegulator" "cyberlink" "c:\program files\cyberlink\powerdirector\pdavi_audtr.ax"
+ "WAV Dest" "" "" "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\wavdest.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "⨀ӏ" "" "" "File not found: ⨀ӏ"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "KODAK EASYSHARE All-in-One Printer" "Language Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)" "Eastman Kodak Company" "c:\windows\system32\ekij5000mon.dll"
+ "PCL Language Monitor" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l692.dll"
"C:\Users\Heather\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Avast! antivirus monitor" "Avast! antivirus sidebar gadget." "AVAST Software" "C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget\Gadget.xml"
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"
 

 

Thanks again.



#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:55 PM

Posted 14 March 2013 - 05:14 PM

Launch Adware cleaner and click on DELETE,post the new log

 

Current issues?



#11 C.Ack

C.Ack
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 14 March 2013 - 05:55 PM

I actually have 4 logs from AdeCleaner. I clicked "Search" the first time last night, and then "delete" a total of three times including just now. I have 1 file with an [R1], the one I already posted, and 3 with an [S1.] Here is the latest one:

 

AdwCleaner - AdwCleaner[S3].txt

# AdwCleaner v2.114 - Logfile created 03/14/2013 at 17:32:31
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 1 (32 bits)
# User : admin - HEATHER-PC
# Boot Mode : Normal
# Running from : C:\Users\Heather\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19956 octets] - [13/03/2013 22:54:29]
AdwCleaner[S1].txt - [372 octets] - [13/03/2013 22:35:47]
AdwCleaner[S2].txt - [20340 octets] - [13/03/2013 23:40:03]
AdwCleaner[S3].txt - [1175 octets] - [14/03/2013 17:32:31]

########## EOF - \AdwCleaner[S3].txt - [1235 octets] ##########

 

Current condition: New tab page returned to normal, faster response



#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:55 PM

Posted 14 March 2013 - 06:10 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
 



#13 C.Ack

C.Ack
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 14 March 2013 - 07:46 PM

Thank you very much for all your help! Would it be alright to do another scan with Avast? Just for peace of mind. Take care



#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:55 PM

Posted 14 March 2013 - 07:49 PM

Yes go ahead :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users