Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Network Sharing Center Probelms


  • Please log in to reply
7 replies to this topic

#1 thekitin

thekitin

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 01 April 2013 - 10:41 PM

Running Windows Vista Home. Recently, my son got a new laptop, and while trying to set my printer to share so he can print on
our home network from his laptop, I keep receiving and error message-The specified service does not exist as an installed service.
......Clicking around, I noticed it does it for printer sharing, file sharing, network discovery and so on..I have checked Microsoft forums to no avail and checked that ICS service and WLAN services are running and set to automatic..
I ran a sfc/scan fix in command promptand was given a log that is HUGE and I cannot interpret, but it did say some problems would be fixed when system is restarted, and others cannot be fixed. I am at a loss here. This USED to work. I had it on his older laptop before.
I have made no changes to my computer or reset any of these settings since the last
time I had it set up.  I also got new internet provider last week, and while setting up our new home network, keep getting the same error messages in Network sharing center...Any ideas??

Thanks in Advance,

 

Mary


Edited by hamluis, 04 April 2013 - 08:22 AM.
Moved from Vista to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:20 AM

Posted 02 April 2013 - 03:38 AM

  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.



#3 thekitin

thekitin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 03 April 2013 - 01:25 PM

Thanks. Here is the copy of log.

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/03/2013 01:21:27 PM in x86 mode.
Windows Version: Windows Vista ™ Home Basic

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]

 * SharedAccess [Missing ImagePath]

 * msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/03/2013 01:22:02 PM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)
 



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:20 AM

Posted 03 April 2013 - 09:33 PM

It seems you were infected

 

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png

  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply
  • Due to forum upgrade you may face issues posting the TDSSkiller log.Just last few lines of log is sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    esetsmartinstaller_enu.png

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log



#5 thekitin

thekitin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 04 April 2013 - 09:25 PM

Okay--Thanks--Here they are---TDSKiller Said no threats found-Here is last few lines or so of log .

 



16:35:28.0858 2812  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42


16:41:03.0679 3152  [ E19C7BCE081B85F86F03AE9D82FFA77B ] C:\Windows\System32\wbem\unsecapp.exe
16:41:03.0679 3152  C:\Windows\System32\wbem\unsecapp.exe - ok
16:41:03.0694 3152  [ 6C69EA6A0C308A0FB81992CAC9F39C59 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
16:41:03.0694 3152  C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll - ok
16:41:03.0694 3152  [ CC30B8E9489F35940DE00F407F61A592 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
16:41:03.0694 3152  C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll - ok
16:41:03.0710 3152  [ 6FE3AFAC99CB6FEB1D67004642B91BFF ] C:\Windows\assembly\GAC\Interop.QBXMLRP2\8.0.0.249__31d8aec643e18259\Interop.QBXMLRP2.dll
16:41:03.0710 3152  C:\Windows\assembly\GAC\Interop.QBXMLRP2\8.0.0.249__31d8aec643e18259\Interop.QBXMLRP2.dll - ok
16:41:03.0710 3152  [ 468859D8FB80A3B8EF1A1470B704411A ] C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgRequestMgr.dll
16:41:03.0710 3152  C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgRequestMgr.dll - ok
16:41:03.0726 3152  [ CC7FB36994D153A7C978F75D1963AFE2 ] C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe
16:41:03.0726 3152  C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe - ok
16:41:03.0726 3152  [ FCAE7BD3F64384E1EE435D6DD064B861 ] C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgrps.dll
16:41:03.0726 3152  C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgrps.dll - ok
16:41:03.0741 3152  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:41:03.0741 3152  C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe - ok
16:41:03.0741 3152  [ D2EA82EA48E894CCF65C9C14AF7ECB6C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
16:41:03.0741 3152  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll - ok
16:41:03.0757 3152  [ E5BF83C6F9D1412C8FD2CA27D9E6C335 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
16:41:03.0757 3152  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll - ok
16:41:03.0757 3152  [ 34B3E5C4AF46DDC997F34EC398426A24 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\a0fa9d672445167efeefa37ebc1fbf23\System.Security.ni.dll
16:41:03.0757 3152  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\a0fa9d672445167efeefa37ebc1fbf23\System.Security.ni.dll - ok
16:41:03.0772 3152  ============================================================
16:41:03.0772 3152  Scan finished
16:41:03.0772 3152  ============================================================
16:41:03.0835 3148  Detected object count: 0
16:41:03.0835 3148  Actual detected object count: 0
16:42:37.0404 2784  Deinitialize success

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/04/2013 04:44:26 PM in x86 mode.
Windows Version: Windows Vista ™ Home Basic

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]



ESET Scanner List
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    
C:\$RECYCLE.BIN\S-1-5-21-2786847773-3535864445-686843180-1000\$RUYL2C4\CS5 Keygen\keygen.exe    a variant of Win32/Injector.BIL trojan    cleaned by deleting - quarantined
C:\3dsmax9Trial\max9keygen.exe    probably a variant of Win32/Keygen.BT application    cleaned by deleting - quarantined
C:\Program Files\Intuit\QuickBooks 2010\patch.exe    a variant of Win32/HackTool.Patcher.T application    cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\Users\Mary\AppData\Local\{e4dab53c-22ca-36de-7ade-59db17937137}\n    Win32/Sirefef.EV trojan    cleaned by deleting - quarantined
C:\Users\Mary\DoctorWeb\Quarantine\00000008.@    Win32/Sirefef.FG trojan    cleaned by deleting - quarantined
C:\Windows\Installer\2d43e2c0.msi    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIMG255P\index[1].htm    JS/Kryptik.FU trojan    cleaned by deleting - quarantined

Junkware removal log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.2 (04.04.2013:1)
OS: Windows Vista ™ Home Basic x86
Ran by Mary on Thu 04/04/2013 at 20:44:57.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2786847773-3535864445-686843180-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2786847773-3535864445-686843180-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
Successfully deleted: [Registry Key] hkey_current_user\software\igearsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\mywebsearch
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\imside1egate.application.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2790392
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"
Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\basicscan"
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Mary\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\Mary\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\Mary\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\Mary\appdata\local\blekkotb_031"
Successfully deleted: [Folder] "C:\Users\Mary\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Mary\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\basicscan"
Successfully deleted: [Folder] "C:\Program Files\blekkotb_031"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Empty Folder] C:\Users\Mary\appdata\local\{e4dab53c-22ca-36de-7ade-59db17937137}
Successfully deleted: [Folder] "C:\Users\Mary\appdata\locallow\asktoolbar"
Failed to delete: [Folder] "C:\Program Files\ask.com"
Failed to delete: [Folder] "C:\Program Files\ask.com\updater"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search.xml"
Successfully deleted: [File] C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\2d8cmtbl.default\user.js
Successfully deleted: [File] C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\2d8cmtbl.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\2d8cmtbl.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\2d8cmtbl.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\2okchnq1.default-1342800996893\smartbar
Successfully deleted: [Folder] C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\2okchnq1.default-1342800996893\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted: [Folder] C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\2d8cmtbl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Successfully deleted the following from C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\2d8cmtbl.default\prefs.js

user_pref("CT2438727..clientLogIsEnabled", false);
user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2438727.AppTrackingLastCheckTime", "Mon Apr 16 2012 01:30:15 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.BrowserCompStateIsOpen_1000515", true);
user_pref("CT2438727.CT2438727", "CT2438727");
user_pref("CT2438727.CurrentServerDate", "20-7-2012");
user_pref("CT2438727.DSInstall", false);
user_pref("CT2438727.DialogsAlignMode", "LTR");
user_pref("CT2438727.DialogsGetterLastCheckTime", "Thu Jul 19 2012 16:03:37 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"4/5/2012 5:52:08 AM\",\"SourceId\":0,\"
user_pref("CT2438727.EnableClickToSearchBox", false);
user_pref("CT2438727.EnableSearchHistory", false);
user_pref("CT2438727.EnableSearchSuggest", false);
user_pref("CT2438727.FirstServerDate", "5-4-2012");
user_pref("CT2438727.FirstTime", true);
user_pref("CT2438727.FirstTimeFF3", true);
user_pref("CT2438727.FixPageNotFoundErrors", false);
user_pref("CT2438727.GroupingServerCheckInterval", 1440);
user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2438727.HPInstall", false);
user_pref("CT2438727.HasUserGlobalKeys", true);
user_pref("CT2438727.HomePageProtectorEnabled", false);
user_pref("CT2438727.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
user_pref("CT2438727.Initialize", true);
user_pref("CT2438727.InitializeCommonPrefs", true);
user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
user_pref("CT2438727.InstallationType", "DirectDownload");
user_pref("CT2438727.InstalledDate", "Wed Apr 04 2012 21:51:14 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.IsAlertDBUpdated", true);
user_pref("CT2438727.IsGrouping", false);
user_pref("CT2438727.IsInitSetupIni", true);
user_pref("CT2438727.IsMulticommunity", false);
user_pref("CT2438727.IsOpenThankYouPage", true);
user_pref("CT2438727.IsOpenUninstallPage", true);
user_pref("CT2438727.IsProtectorsInit", true);
user_pref("CT2438727.LanguagePackLastCheckTime", "Fri Jul 20 2012 11:13:36 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2438727.LastLogin_3.10.0.1", "Mon Apr 16 2012 01:29:34 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.LastLogin_3.12.0.7", "Mon Apr 30 2012 19:14:08 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.LastLogin_3.12.2.3", "Fri Jun 01 2012 04:23:28 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.LastLogin_3.13.0.6", "Tue Jul 17 2012 23:39:17 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.LastLogin_3.14.1.0", "Fri Jul 20 2012 11:13:57 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.LatestVersion", "3.14.1.0");
user_pref("CT2438727.Locale", "en");
user_pref("CT2438727.MCDetectTooltipHeight", "83");
user_pref("CT2438727.MCDetectTooltipShow", false);
user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2438727.MCDetectTooltipWidth", "295");
user_pref("CT2438727.MyStuffEnabledAtInstallation", true);
user_pref("CT2438727.OriginalFirstVersion", "3.10.0.1");
user_pref("CT2438727.SearchBackToDefaultEngine", false);
user_pref("CT2438727.SearchCaption", "Zynga Customized Web Search");
user_pref("CT2438727.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
user_pref("CT2438727.SearchFromAddressBarIsInit", true);
user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&SearchSource=2&q=");
user_pref("CT2438727.SearchInNewTabEnabled", true);
user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
user_pref("CT2438727.SearchInNewTabLastCheckTime", "Fri Jul 20 2012 11:13:35 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2438727.SearchInNewTabUserEnabled", false);
user_pref("CT2438727.SearchProtectorEnabled", false);
user_pref("CT2438727.SearchProtectorToolbarDisabled", false);
user_pref("CT2438727.SendProtectorDataViaLogin", true);
user_pref("CT2438727.ServiceMapLastCheckTime", "Fri Jul 20 2012 11:13:35 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.SettingsLastCheckTime", "Fri Jul 20 2012 10:18:18 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.SettingsLastUpdate", "1342352416");
user_pref("CT2438727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2438727&SearchSource=13");
user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Wed Apr 04 2012 21:51:10 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT2438727.ToolbarShrinkedFromSetup", false);
user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2438727.UserID", "UN40803883910175035");
user_pref("CT2438727.ValidationData_Search", 2);
user_pref("CT2438727.ValidationData_Toolbar", 2);
user_pref("CT2438727.alertChannelId", "832836");
user_pref("CT2438727.approveUntrustedApps", true);
user_pref("CT2438727.components.1000515", true);
user_pref("CT2438727.components.129509324767711885", false);
user_pref("CT2438727.components.129665740530401877", false);
user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Mon Apr 16 2012 01:30:10 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.homepageProtectorEnableByLogin", true);
user_pref("CT2438727.initDone", true);
user_pref("CT2438727.isAppTrackingManagerOn", true);
user_pref("CT2438727.isSearchProtectorNotifyChanges", false);
user_pref("CT2438727.myStuffEnabled", true);
user_pref("CT2438727.myStuffPublihserMinWidth", 400);
user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2438727.navigateToUrlOnSearch", false);
user_pref("CT2438727.oldAppsList", "129017707048431316,129017707048587567,111,129509324767711885,129023982676944454,129665740530401877,1000034,1000080,1000082,1000234,1000515,
user_pref("CT2438727.revertSettingsEnabled", false);
user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);
user_pref("CT2438727.searchProtectorEnableByLogin", true);
user_pref("CT2438727.testingCtid", "");
user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Fri Jul 20 2012 11:13:36 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Wed Apr 04 2012 21:51:14 GMT-0500 (Central Daylight Time)");
user_pref("CT2438727.usageEnabled", false);
user_pref("CT2438727.usagesFlag", 2);
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
user_pref("CommunityToolbar.ConduitSearchList", "BitTorrentBar Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"85cbe4b44e0248f8a85ab082c1bc24c92\"");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"6ec05e18feb6f057b211af0b0555ee442\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"1334663508\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:1308\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:144a\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"04afd94b864cd1:14f9\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727", "\"5a3bfb736bf65ca0cca630a3f0917948\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"5a3bfb736bf65ca0cca630a3f0917948\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"27f9ceb6f365cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"2292e5c1512a30b86b91a7e3313d799f\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Mary\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\2d8cmtbl.default\\conduitCommon\\modules\\3.13.0.6");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
user_pref("CommunityToolbar.ToolbarsList4", "CT2438727");
user_pref("CommunityToolbar.globalUserId", "360e4815-c901-422f-89df-f744e0513fb4");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 08 2012 21:54:12 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.notifications.alertEnabled", false);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Apr 04 2012 21:51:21 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jul 11 2012 18:50:40 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "8420765a-0aa3-4b8a-ac8e-63114f8d6da7");
user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("browser.search.defaultenginename", "Blekko");
user_pref("browser.search.defaultthis.engineName", "BitTorrentBar Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Blekko");
user_pref("browser.search.selectedEngine", "BitTorrentBar Customized Web Search");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.cbid", "FM");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYUS");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "B958FA3A-B5E1-4D87-8AC8-83EA09E230C5");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1342050632086");
user_pref("extensions.asktb.last-search-timestamp", "1342057332015");
user_pref("extensions.asktb.locale", "en_US");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.new-tab-enabled", true);
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.o", "14193");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "2");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-history-queries", "university of phoenix");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "10000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "7/10/2012 10:06:02 PM");
user_pref("extensions.asktb.v", "3.15.4.100013");
user_pref("extensions.asktb.version", "5.15.4.23821");
user_pref("extensions.asktb.volume", "");
user_pref("yahoo.ytff.search.searchhistory", false);
Successfully deleted the following from C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\2okchnq1.default-1342800996893\prefs.js

user_pref("CT3220468.BT_Stats", "{\"last_log\":1345844259,\"uuid\":85207920044416,\"seq_id\":1,\"ssb\":1345844259}");
user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.Facebook_Mode", "2");
user_pref("CT3220468.Facebook_User_Locale", "en");
user_pref("CT3220468.FirstTime", "true");
user_pref("CT3220468.FirstTimeFF3", "true");
user_pref("CT3220468.LoginRevertSettingsEnabled", true);
user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");
user_pref("CT3220468.RevertSettingsEnabled", true);
user_pref("CT3220468.UserID", "UN68963521567991976");
user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3220468.autoDisableScopes", -1);
user_pref("CT3220468.cb_experience_000.enc", "NDY=");
user_pref("CT3220468.cb_firstuse0100.enc", "MQ==");
user_pref("CT3220468.cb_user_id_000.enc", "Q0I5NjQwMzc2MjEyMzhfMTM2Mjg3ODcwMjA3OV9GaXJlZm94");
user_pref("CT3220468.cbcountry_001", "US");
user_pref("CT3220468.cbfirsttime.enc", "RnJpIEF1ZyAyNCAyMDEyIDE2OjM3OjI5IEdNVC0wNTAwIChDZW50cmFsIERheWxpZ2h0IFRpbWUp");
user_pref("CT3220468.defaultSearch", "FALSE");
user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3220468.enableAlerts", "always");
user_pref("CT3220468.enableFix404ByUser", "FALSE");
user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
user_pref("CT3220468.firstTimeDialogOpened", "true");
user_pref("CT3220468.fixPageNotFoundError", "true");
user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3220468.fixUrls", true);
user_pref("CT3220468.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebutton=1,saveresizedsize=0,openposition=alignment:(B;L
user_pref("CT3220468.installId", "fft5A44.tmp.exe");
user_pref("CT3220468.installType", "XPE");
user_pref("CT3220468.isCheckedStartAsHidden", true);
user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
user_pref("CT3220468.isNewTabEnabled", true);
user_pref("CT3220468.isPerformedSmartBarTransition", "true");
user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN6896352156799197
user_pref("CT3220468.lastVersion", "10.15.0.562");
user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2NTEyNjExNDU4NQ==");
user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24=");
user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24=");
user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5IiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiNmNjN2Q4MzUtMTQwNS00NTZhLThhNTYtNGM1Zj
user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjQuNg==");
user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");
user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2NTEyNjExNDU4Nw==");
user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
user_pref("CT3220468.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmll
user_pref("CT3220468.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTk1XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVu
user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTk1XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVu
user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
user_pref("CT3220468.mam_gk_userId.enc", "NmZlMzA3NDktZDdjNS00MDQ0LTg1Y2EtNmJjNjZlODczZGRi");
user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");
user_pref("CT3220468.migrateAppsAndComponents", true);
user_pref("CT3220468.missingMachineIdSent", "true");
user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bleepingcomputer.com%2Fdownload%2Fjunkware-removal-tool%2Fdl%2F
user_pref("CT3220468.openThankYouPage", "true");
user_pref("CT3220468.openUninstallPage", "FALSE");
user_pref("CT3220468.price-gong.isManagedApp", "true");
user_pref("CT3220468.search.searchAppId", "129813684258939747");
user_pref("CT3220468.search.searchCount", "2");
user_pref("CT3220468.searchInNewTabEnabledByUser", "true");
user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365069906530");
user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1358812961921");
user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1365116670814");
user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364205906252");
user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1365036833683");
user_pref("CT3220468.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346108722583");
user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353228738665");
user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358544357428");
user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364400841161");
user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359654291952");
user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361020456353");
user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363209018375");
user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365108875955");
user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364205906309");
user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1365036833687");
user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1365036832571");
user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1363165499624");
user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364205906369");
user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1365116670657");
user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1365036843975");
user_pref("CT3220468.settingsINI", true);
user_pref("CT3220468.shouldFirstTimeDialog", "false");
user_pref("CT3220468.showToolbarPermission", "false");
user_pref("CT3220468.smartbar.CTID", "CT3220468");
user_pref("CT3220468.smartbar.Uninstall", "0");
user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
user_pref("CT3220468.toolbarBornServerTime", "25-8-2012");
user_pref("CT3220468.toolbarCurrentServerTime", "4-4-2013");
user_pref("CT3220468.toolbarLoginClientTime", "Wed Mar 13 2013 20:05:54 GMT-0500 (Central Daylight Time)");
user_pref("CT3220468.upgradeFromClearSBVersion", true);
user_pref("CT3220468.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNjUwNDM2MDU4NTYsLCxodHRwOi8vd3d3Lmdvb2dsZS5jb20vdXJsP3NhPXQmcmN0PWomcT0mZXN
user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365126107966,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("extensions.crossrider.bic", "139730a81ef3b301be1311dd16399a99");
user_pref("smartBar.searchInNewTabOwner", "CT3220468");
user_pref("smartbar.machineId", "");
Emptied folder: C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\2okchnq1.default-1342800996893\minidumps [127 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/04/2013 at 20:50:11.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



 



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:20 AM

Posted 05 April 2013 - 01:03 AM

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on the it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox


  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Security softwares may flag it as malicious.This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply



  • Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log


#7 thekitin

thekitin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 05 April 2013 - 10:37 AM

whew--ok here they are--thanks

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.05.03

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Mary :: MARY-PC [administrator]

4/5/2013 2:17:23 AM
mbam-log-2013-04-05 (02-17-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212503
Time elapsed: 49 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar  Version:05-03-2013
Ran by Mary (administrator) on 05-04-2013 at 10:14:23
Running from "C:\Users\Mary\Downloads"
Windows Vista ™ Home Basic  (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================



# ----------------------------------


Farbar Service Scanner Version: 03-03-2013
Ran by Mary (administrator) on 05-04-2013 at 10:18:01
Running from "C:\Users\Mary\Downloads"
Windows Vista ™ Home Basic  (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 10:24:09
# Updated 02/04/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic  (32 bits)
# User : Mary - MARY-PC
# Boot Mode : Normal
# Running from : C:\Users\Mary\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\2d8cmtbl.default\searchplugins\daemon-search.xml
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Users\Mary\AppData\Local\APN
Folder Deleted : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.16982

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0 (en-US)

File : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\2d8cmtbl.default\prefs.js

Deleted : user_pref("CT2438727.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Mary\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]

File : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\2okchnq1.default-1342800996893\prefs.js

Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1345844259,\"uuid\":85207920044416,\"seq_id\":1,\"ssb[...]
Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("extensions.basicscan.init", true);
Deleted : user_pref("keyword.URL", "hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keyword[...]

*************************

AdwCleaner[R1].txt - [10320 octets] - [05/04/2013 10:22:39]
AdwCleaner[S1].txt - [10160 octets] - [05/04/2013 10:24:09]

########## EOF - C:\AdwCleaner[S1].txt - [10221 octets] ##########


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""    "11/2/2006 7:46 AM"
+ "rdpclip"    ""    ""    "File not found: rdpclip"    ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "4/5/2013 10:26 AM"
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\arm\1.0\adobearm.exe"    "12/3/2012 2:34 AM"
+ "AdobeAAMUpdater-1.0"    "Adobe Updater Startup Utility"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"    "2/15/2010 6:11 AM"
+ "AdobeCS5ServiceManager"    "Adobe CS5 Service Manager"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\cs5servicemanager\cs5servicemanager.exe"    "2/22/2010 6:56 AM"
+ "Intuit SyncManager"    "IntuitSyncManager"    "Intuit Inc. All rights reserved."    "c:\program files\common files\intuit\sync\intuitsyncmanager.exe"    "8/31/2009 1:32 AM"
+ "QuickTime Task"    "QuickTime Task"    "Apple Inc."    "c:\program files\quicktime\qttask.exe"    "11/29/2010 8:20 PM"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files\common files\java\java update\jusched.exe"    "1/17/2012 2:07 PM"
+ "SwitchBoard"    "SwitchBoard Server (32 bit)"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\switchboard\switchboard.exe"    "2/19/2010 3:50 PM"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""    "8/29/2012 5:20 AM"
+ "QuickBooks Update Agent.lnk"    "QuickBooks Automatic Update"    "Intuit Inc."    "c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe"    "9/3/2009 2:39 AM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "3/27/2013 11:20 PM"
+ "Microsoft Windows Mail 7"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"    "5/2/2007 3:28 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "6/23/2012 1:47 PM"
+ "Google Update"    "Google Installer"    "Google Inc."    "c:\users\mary\appdata\local\google\update\googleupdate.exe"    "2/15/2012 9:43 PM"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""    "1/18/2008 9:00 AM"
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"    "4/13/2007 5:22 PM"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""    "1/18/2008 9:00 AM"
+ "intu-help-qb3"    "QuickBooks Assistance Library"    "Intuit, Inc."    "c:\program files\intuit\quickbooks 2010\helpasyncpluggableprotocol.dll"    "4/27/2012 1:31 AM"
+ "mso-offdap11"    "Microsoft Office Web Components 2003"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\web components\11\owc11.dll"    "3/24/2009 7:45 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "3/8/2011 7:19 PM"
+ "Autodesk.DWF.ContextMenu"    "Autodesk DWF ShellExtension Module"    "Autodesk, Inc."    "c:\program files\common files\autodesk shared\dwf common\dwfshellextension.dll"    "5/12/2006 1:19 AM"
+ "MorpheusShellExt"    ""    ""    "c:\program files\morpheus\morphshellext.dll"    "11/14/2007 1:58 PM"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"    "3/15/2010 1:28 AM"
+ "Yahoo! Mail"    "Yahoo! Mail"    "Yahoo! Inc."    "c:\program files\yahoo!\common\ymmapi.dll"    "6/25/2007 4:00 PM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "1/18/2008 9:00 AM"
+ "Adobe Drive CS4"    "Adobe Drive Menu"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll"    "8/14/2008 9:32 AM"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"    "12/14/2012 3:52 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "1/27/2009 3:11 PM"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"    "3/15/2010 1:28 AM"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""    "1/27/2009 3:11 PM"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"    "3/15/2010 1:28 AM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "1/18/2008 9:00 AM"
+ "Adobe Drive CS4"    "Adobe Drive Menu"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll"    "8/14/2008 9:32 AM"
+ "NvCplDesktopContext"    "NVIDIA Display Properties Extension"    "NVIDIA Corporation"    "c:\windows\system32\nvcpl.dll"    "6/19/2008 1:27 PM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""    "4/13/2012 9:48 PM"
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"    "4/3/2012 10:49 PM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "4/13/2012 9:48 PM"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"    "12/14/2012 3:52 PM"
+ "MorpheusShellExt"    ""    ""    "c:\program files\morpheus\morphshellext.dll"    "11/14/2007 1:58 PM"
+ "RUShellExt"    "Revo Uninstaller Pro Extension"    "VS Revo Group"    "c:\program files\vs revo group\revo uninstaller pro\ruext.dll"    "8/12/2010 8:45 AM"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"    "3/15/2010 1:28 AM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "4/13/2012 9:48 PM"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"    "3/15/2010 1:28 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "4/5/2013 10:32 AM"
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"    "4/3/2012 9:37 PM"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"    "7/5/2012 4:21 PM"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"    "7/5/2012 4:22 PM"
"Task Scheduler"    ""    ""    ""    ""
+ "\87349e70"    ""    ""    "File not found: C:\Users\Mary\AppData\Local\Temp\setup1073474480.exe"    ""
+ "\Adobe Flash Player Updater"    "Adobe® Flash® Player Update Service 11.6 r602"    "Adobe Systems Incorporated"    "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"    "2/28/2013 9:40 PM"
+ "\Apple\AppleSoftwareUpdate"    ""    ""    "File not found: C:\Program Files\Apple Software Update\SoftwareUpdate.exe"    ""
+ "\CCleanerSkipUAC"    "CCleaner"    "Piriform Ltd"    "c:\program files\ccleaner\ccleaner.exe"    "6/22/2012 2:11 PM"
+ "\GoogleUpdateTaskUserS-1-5-21-2786847773-3535864445-686843180-1000Core"    "Google Installer"    "Google Inc."    "c:\users\mary\appdata\local\google\update\googleupdate.exe"    "2/15/2012 9:43 PM"
+ "\GoogleUpdateTaskUserS-1-5-21-2786847773-3535864445-686843180-1000UA"    "Google Installer"    "Google Inc."    "c:\users\mary\appdata\local\google\update\googleupdate.exe"    "2/15/2012 9:43 PM"
+ "\ha"    ""    ""    "File not found: C:\Users\Mary\Desktop\clippy\clippy.exe"    ""
+ "\haha"    ""    ""    "File not found: C:\Users\Mary\Desktop\clippy\clippy.exe"    ""
+ "\HPCustParticipation HP Deskjet 1000 J110 series"    "HP Customer Participation."    "Hewlett-Packard Co."    "c:\program files\hp\hp deskjet 1000 j110 series\bin\hpcustpartic.exe"    "10/2/2012 7:57 AM"
+ "\IHUninstallTrackingTASK"    ""    ""    "File not found: DEL"    ""
+ "\Microsoft\Office Genuine Advantage\OGALogon"    ""    ""    "c:\windows\system32\ogaexec.exe"    "8/3/2009 4:54 PM"
+ "\Microsoft\Windows Defender\MP Scheduled Scan"    "Windows Defender Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"    "1/16/2007 8:58 PM"
+ "\Microsoft\Windows Defender\MP Scheduled Signature Update"    "Windows Defender Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"    "1/16/2007 8:58 PM"
+ "\Microsoft\Windows\Wired\GatherWiredInfo"    ""    ""    "c:\windows\system32\gatherwiredinfo.vbs"    "9/18/2006 4:29 PM"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo"    ""    ""    "c:\windows\system32\gatherwirelessinfo.vbs"    "11/2/2006 7:33 AM"
+ "\RunAsStdUser Task"    ""    ""    "File not found: C:\Users\Mary\AppData\Local\videotwisterSA\bin\1.0.4.0\VideoTwisterSA.exe"    ""
+ "\SandboxieInstall_SandboxieControl"    ""    ""    "File not found: 'C:\Program"    ""
+ "\Scheduled Update for Ask Toolbar"    ""    ""    "File not found: C:\Program Files\Ask.com\UpdateTask.exe"    ""
+ "\SpyHunter4Startup"    ""    ""    "File not found: C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe"    ""
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "3/27/2013 11:20 PM"
+ "Autodesk Licensing Service"    "Anchor service for Autodesk products licensed with SafeCast"    "Autodesk"    "c:\program files\common files\autodesk shared\service\adskscsrv.exe"    "4/6/2005 3:15 AM"
+ "eRecoveryService"    "Acer eRecovery Management"    "Acer Inc."    "c:\acer\empowering technology\erecovery\erecoveryservice.exe"    "1/31/2007 9:18 PM"
+ "FLEXnet Licensing Service"    "This service performs licensing functions on behalf of FLEXnet enabled products."    "Acresso Software Inc."    "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"    "5/6/2008 10:26 AM"
+ "LightScribeService"    "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work."    "Hewlett-Packard Company"    "c:\program files\common files\lightscribe\lssrvc.exe"    "12/14/2006 8:36 PM"
+ "lxcc_device"    "Printer Communication System"    " "    "c:\windows\system32\lxcccoms.exe"    "1/30/2007 9:31 AM"
+ "MDM"    "Manages local and remote debugging for Visual Studio debuggers"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"    "2/23/2001 5:07 AM"
+ "mi-raysat_3dsmax9_32"    "mental ray 3.5 Satellite (32-bit)"    ""    "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"    "11/29/2004 3:39 PM"
+ "MMIndexer"    "Media Manager Indexer"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\media manager\airsvcu.exe"    "7/15/1997 3:22 AM"
+ "nvsvc"    "Provides system and desktop level support to the NVIDIA display driver"    "NVIDIA Corporation"    "c:\windows\system32\nvvsvc.exe"    "6/19/2008 1:27 PM"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\source engine\ose.exe"    "7/27/2003 11:52 AM"
+ "QBCFMonitorService"    "QuickBooks Company File Monitoring Service"    "Intuit"    "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe"    "12/5/2009 4:34 PM"
+ "QBFCService"    "QuickBooks FCS module"    "Intuit Inc."    "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe"    "7/23/2009 11:10 PM"
+ "StarWindServiceAE"    "Enables network access to local burners via iSCSI protocol."    "StarWind Software"    "c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe"    "12/23/2009 11:57 AM"
+ "SwitchBoard"    "Adobe SwitchBoard"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\switchboard\switchboard.exe"    "2/19/2010 3:50 PM"
+ "TabletServicePen"    "Tablet Service for consumer driver"    "Wacom Technology, Corp."    "c:\windows\system32\pen_tablet.exe"    "9/7/2007 1:16 PM"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"    "11/2/2006 4:07 AM"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "3/27/2013 11:20 PM"
+ "adfs"    "Adobe Drive File System Driver"    "Adobe Systems, Inc."    "c:\windows\system32\drivers\adfs.sys"    "8/14/2008 9:57 AM"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"    "8/6/2006 4:33 PM"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"    "8/6/2006 4:33 PM"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"    "8/9/2006 7:02 AM"
+ "E1G60"    "Intel® PRO/1000 Adapter NDIS 6 deserialized driver"    "Intel Corporation"    "c:\windows\system32\drivers\e1g60i32.sys"    "8/3/2006 4:30 PM"
+ "esgiguard"    ""    ""    "File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"    ""
+ "int15"    "Acer int15 service"    ""    "c:\acer\empowering technology\erecovery\int15.sys"    "10/1/2003 12:29 AM"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhda.sys"    "2/14/2007 1:11 AM"
+ "IpInIp"    "IP in IP Tunnel Driver"    ""    "File not found: system32\DRIVERS\ipinip.sys"    ""
+ "KMWDFILTER"    "KMWDFilter Driver from UASSOFT.COM"    "Windows ® Codename Longhorn DDK provider"    "c:\windows\system32\drivers\kmwdfilter.sys"    "10/9/2008 10:42 AM"
+ "motmodem"    "Motorola USB Modem and Ports Driver"    "Motorola"    "c:\windows\system32\drivers\motmodem.sys"    "6/18/2007 2:31 PM"
+ "MpKsl039354ee"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{30CBA41C-C6B8-45E2-AE56-257B54D634AB}\MpKsl039354ee.sys"    ""
+ "MpKsl06571b86"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A101111C-F6DA-4C90-831F-4B0858668ECF}\MpKsl06571b86.sys"    ""
+ "MpKsl168944f8"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63B8BCB4-AFFC-40B5-8AC9-28615B15EDB5}\MpKsl168944f8.sys"    ""
+ "MpKsl1ae3b07b"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{366C991D-9138-4F2F-95AC-8596044C9025}\MpKsl1ae3b07b.sys"    ""
+ "MpKsl1be2f2f5"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKsl1be2f2f5.sys"    ""
+ "MpKsl21def748"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F6C0A54-D71E-4509-AA77-A944460581BE}\MpKsl21def748.sys"    ""
+ "MpKsl228b560d"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A04E21A9-A603-4085-B0B0-AF592C19F720}\MpKsl228b560d.sys"    ""
+ "MpKsl29403807"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A101111C-F6DA-4C90-831F-4B0858668ECF}\MpKsl29403807.sys"    ""
+ "MpKsl2a5f7818"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9E86690-E239-4C2A-A50B-D1CB558E3A0C}\MpKsl2a5f7818.sys"    ""
+ "MpKsl2ce087a2"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{366C991D-9138-4F2F-95AC-8596044C9025}\MpKsl2ce087a2.sys"    ""
+ "MpKsl2e7764aa"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F6C0A54-D71E-4509-AA77-A944460581BE}\MpKsl2e7764aa.sys"    ""
+ "MpKsl311eadc4"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D71606B-8E94-4457-90D4-A8499EB7D409}\MpKsl311eadc4.sys"    ""
+ "MpKsl360024f7"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKsl360024f7.sys"    ""
+ "MpKsl372b99e2"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F5E9F29-BB2D-4669-BE81-5A700A08501D}\MpKsl372b99e2.sys"    ""
+ "MpKsl374b9ad3"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F5E9F29-BB2D-4669-BE81-5A700A08501D}\MpKsl374b9ad3.sys"    ""
+ "MpKsl37ad0784"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F65D188-0F8A-4E6F-8FFF-9934CE43934D}\MpKsl37ad0784.sys"    ""
+ "MpKsl45350d28"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKsl45350d28.sys"    ""
+ "MpKsl4a8d8b76"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63B8BCB4-AFFC-40B5-8AC9-28615B15EDB5}\MpKsl4a8d8b76.sys"    ""
+ "MpKsl4ea0dff6"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{61639C62-FB85-451A-AAD0-A8D94FFDC794}\MpKsl4ea0dff6.sys"    ""
+ "MpKsl51e35019"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27F5330B-C3EC-4500-AF35-69AD97B21CF1}\MpKsl51e35019.sys"    ""
+ "MpKsl51e5c217"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{366C991D-9138-4F2F-95AC-8596044C9025}\MpKsl51e5c217.sys"    ""
+ "MpKsl549b5845"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKsl549b5845.sys"    ""
+ "MpKsl55b31bf4"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C61F2103-58EF-4A3C-B40F-807F62B7ACE6}\MpKsl55b31bf4.sys"    ""
+ "MpKsl63e42d7e"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41546943-61AC-47A1-9D66-D7AE45E59943}\MpKsl63e42d7e.sys"    ""
+ "MpKsl652be7d8"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F5E9F29-BB2D-4669-BE81-5A700A08501D}\MpKsl652be7d8.sys"    ""
+ "MpKsl67f10cc4"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2137EBFF-1717-4EB3-92C6-E0C4AFE74DD9}\MpKsl67f10cc4.sys"    ""
+ "MpKsl6884125d"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87CDB784-B273-49E9-AF54-E189C1B7761A}\MpKsl6884125d.sys"    ""
+ "MpKsl6b75fc25"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F6C0A54-D71E-4509-AA77-A944460581BE}\MpKsl6b75fc25.sys"    ""
+ "MpKsl6c799674"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKsl6c799674.sys"    ""
+ "MpKsl7915d0bf"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0D19832D-C41E-4571-97E0-E90EA276CFF0}\MpKsl7915d0bf.sys"    ""
+ "MpKsl7dd0637c"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{366C991D-9138-4F2F-95AC-8596044C9025}\MpKsl7dd0637c.sys"    ""
+ "MpKsl7e08f51a"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF149CC3-9DF5-4AFC-9CE6-03E6E97CEDFB}\MpKsl7e08f51a.sys"    ""
+ "MpKsl85611b11"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A3659C83-1EF5-4BE2-9369-508450B7A7E4}\MpKsl85611b11.sys"    ""
+ "MpKsl8f3c4c76"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKsl8f3c4c76.sys"    ""
+ "MpKsl907c5618"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{366C991D-9138-4F2F-95AC-8596044C9025}\MpKsl907c5618.sys"    ""
+ "MpKsl9d13497b"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{323C98D3-75F3-4E0B-9CCA-4189812CB2C0}\MpKsl9d13497b.sys"    ""
+ "MpKsl9e5464d8"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C61F2103-58EF-4A3C-B40F-807F62B7ACE6}\MpKsl9e5464d8.sys"    ""
+ "MpKsla0a0502b"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A899A4-C26A-4C9C-BB0B-B3683B4DC212}\MpKsla0a0502b.sys"    ""
+ "MpKsla24074db"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF149CC3-9DF5-4AFC-9CE6-03E6E97CEDFB}\MpKsla24074db.sys"    ""
+ "MpKsla24f8f1e"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{124157DC-6213-4503-8A93-975D9F1ABD76}\MpKsla24f8f1e.sys"    ""
+ "MpKslb1c18eae"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKslb1c18eae.sys"    ""
+ "MpKslb642409b"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKslb642409b.sys"    ""
+ "MpKslb68099ed"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKslb68099ed.sys"    ""
+ "MpKslb7c5a105"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{30B9DCA9-2F6D-466B-A742-2DE68A5C0381}\MpKslb7c5a105.sys"    ""
+ "MpKslb9d386b0"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKslb9d386b0.sys"    ""
+ "MpKslc0bf3b5d"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0D19832D-C41E-4571-97E0-E90EA276CFF0}\MpKslc0bf3b5d.sys"    ""
+ "MpKslc7ba0a30"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C61F2103-58EF-4A3C-B40F-807F62B7ACE6}\MpKslc7ba0a30.sys"    ""
+ "MpKslc8a58eb6"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKslc8a58eb6.sys"    ""
+ "MpKslc97dbf85"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F5E9F29-BB2D-4669-BE81-5A700A08501D}\MpKslc97dbf85.sys"    ""
+ "MpKsld3c6b514"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{30B9DCA9-2F6D-466B-A742-2DE68A5C0381}\MpKsld3c6b514.sys"    ""
+ "MpKsldc4257a8"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F5E9F29-BB2D-4669-BE81-5A700A08501D}\MpKsldc4257a8.sys"    ""
+ "MpKsle23e656c"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKsle23e656c.sys"    ""
+ "MpKsle45a1539"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A899A4-C26A-4C9C-BB0B-B3683B4DC212}\MpKsle45a1539.sys"    ""
+ "MpKsle57bfbdf"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{61639C62-FB85-451A-AAD0-A8D94FFDC794}\MpKsle57bfbdf.sys"    ""
+ "MpKsle5d3f789"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB55CCCB-24A3-4695-A6C3-9A7322EAA60C}\MpKsle5d3f789.sys"    ""
+ "MpKsle7e4e4bc"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A101111C-F6DA-4C90-831F-4B0858668ECF}\MpKsle7e4e4bc.sys"    ""
+ "MpKsleb71e11e"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4161143D-2EE6-4EDC-807B-47AD18F07CBE}\MpKsleb71e11e.sys"    ""
+ "MpKslf51e46de"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F4A4267-0D36-4915-B01E-4943E5BD9590}\MpKslf51e46de.sys"    ""
+ "MpKslf7ea2f43"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7ED12DD-EE73-43D7-BB2A-B44AC4C26349}\MpKslf7ea2f43.sys"    ""
+ "MpKslf906cd7b"    ""    ""    "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F5E9F29-BB2D-4669-BE81-5A700A08501D}\MpKslf906cd7b.sys"    ""
+ "MREMP50"    "PCAUSA NDIS 5.0 MPR Protocol Driver"    "Printing Communications Assoc., Inc. (PCAUSA)"    "c:\program files\common files\motive\mremp50.sys"    "11/19/2005 3:13 AM"
+ "MREMPR5"    "Motive NDIS 5.0 MPR Protocol Driver"    "Motive, Inc."    "c:\program files\common files\motive\mrempr5.sys"    "11/22/2004 6:36 PM"
+ "MRENDIS5"    "Motive NDIS 5.0 Protocol Driver"    "Motive, Inc."    "c:\program files\common files\motive\mrendis5.sys"    "11/22/2004 6:36 PM"
+ "MRESP50"    "PCAUSA NDIS 5.0 SPR Protocol Driver"    "Printing Communications Assoc., Inc. (PCAUSA)"    "c:\program files\common files\motive\mresp50.sys"    "11/19/2005 3:13 AM"
+ "netr73"    "Ralink 802.11 Wireless Adapter Driver"    "Ralink Technology Inc."    "c:\windows\system32\drivers\wusb54gcx86.sys"    "1/31/2007 3:01 AM"
+ "NTIDrvr"    "NTI CD-ROM Filter Driver"    "NewTech Infosystems, Inc."    "c:\windows\system32\drivers\ntidrvr.sys"    "12/21/2004 3:33 PM"
+ "nvlddmkm"    "NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.30 "    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvlddmkm.sys"    "6/19/2008 12:54 PM"
+ "nvstor32"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor32.sys"    "1/27/2007 8:19 PM"
+ "NwlnkFlt"    "IPX Traffic Filter Driver"    ""    "File not found: system32\DRIVERS\nwlnkflt.sys"    ""
+ "NwlnkFwd"    "IPX Traffic Forwarder Driver"    ""    "File not found: system32\DRIVERS\nwlnkfwd.sys"    ""
+ "phaudlwr"    "Philips USB Audio Processing Filter"    "Philips Applied Technologies"    "c:\windows\system32\drivers\phaudlwr.sys"    "6/19/2007 7:21 AM"
+ "PL-40R"    "CASIO : LK USB MIDI"    "CASIO COMPUTER CO., LTD."    "c:\windows\system32\drivers\pl40rwdm.sys"    "10/1/2004 2:08 AM"
+ "Revoflt"    "Revo Uninstaller Filter driver"    "VS Revo Group"    "c:\windows\system32\drivers\revoflt.sys"    "12/30/2009 4:18 AM"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"    "9/13/2006 8:18 AM"
+ "smserial"    "Motorola SM56 Modem WDM Driver"    "Motorola Inc."    "c:\windows\system32\drivers\smserial.sys"    "10/9/2006 11:47 AM"
+ "SPC1300"    "Philips Camera Streaming Driver"    ""    "c:\windows\system32\drivers\spc1300.sys"    "10/18/2007 1:57 AM"
+ "sptd"    "SCSI Pass Through Direct Host"    "Duplex Secure Ltd."    "c:\windows\system32\drivers\sptd.sys"    "3/3/2012 11:42 AM"
+ "USBAAPL"    ""    ""    "File not found: System32\Drivers\usbaapl.sys"    ""
+ "wacommousefilter"    "Wacom Mouse Filter Driver"    "Wacom Technology"    "c:\windows\system32\drivers\wacommousefilter.sys"    "2/16/2007 1:12 PM"
+ "wacomvhid"    "Virtual Hid Device"    "Wacom Technology"    "c:\windows\system32\drivers\wacomvhid.sys"    "2/16/2007 12:29 PM"
+ "WacomVKHid"    "Virtual Hid Device"    "Wacom Technology"    "c:\windows\system32\drivers\wacomvkhid.sys"    "2/15/2007 6:11 PM"
+ "XIRLINK"    "Win98 WDM driver for C-it Digital Video PC Camera"    "Xirlink, Inc"    "c:\windows\system32\drivers\c-itnt.sys"    "4/27/2000 12:29 PM"
+ "yukonwlh"    "Miniport Driver for Marvell Yukon Ethernet Controller."    "Marvell"    "c:\windows\system32\drivers\yk60x86.sys"    "12/6/2007 7:25 AM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "3/27/2013 11:21 PM"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"    "1/21/2010 11:02 AM"
+ "msacm.sl_anet"    "Audio codec for MS ACM"    "Sipro Lab Telecom Inc."    "c:\windows\system32\sl_anet.acm"    "6/2/2000 10:53 AM"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\system32\iccvid.dll"    "11/2/2006 4:39 AM"
+ "vidc.DIVX"    "DivX"    "DivX, Inc."    "c:\windows\system32\divx.dll"    "5/14/2008 7:21 PM"
+ "VIDC.YV12"    "DivX"    "DivX, Inc."    "c:\windows\system32\divx.dll"    "5/14/2008 7:21 PM"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "3/23/2010 9:23 PM"
+ "9x8Resize"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "AC3Filter"    "ac3filter"    ""    "c:\program files\ac3filter\ac3filter.ax"    "8/19/2003 2:20 AM"
+ "Allocator Fix"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "Async Source Filter"    "MAGIX Video Source Filter"    "MAGIX AG"    "c:\program files\magix\slideshow_maker\regmodule\hhvideosource.ax"    "10/9/2008 6:45 AM"
+ "Bitmap"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "Capture ASF Writer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "CLSID_CMXDVRender"    "MXAVIREADER"    "MAGIX AG"    "c:\program files\magix\slideshow_maker\regmodule\mxavireader.dll"    "9/12/2008 8:34 AM"
+ "CLSID_CMXDVSourceFilter"    "MXAVIREADER"    "MAGIX AG"    "c:\program files\magix\slideshow_maker\regmodule\mxavireader.dll"    "9/12/2008 8:34 AM"
+ "DivX Decoder Filter"    "DivX® Decoder Filter"    "DivX, Inc."    "c:\windows\system32\divxdec.ax"    "5/9/2008 10:19 AM"
+ "Frame Eater"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "Honestech VCD/SVCD Encoder"    "honest technology, VCD/SVCD encoder"    "honest technology"    "c:\windows\system32\htvcdsvcd70.ax"    "4/25/2002 9:39 PM"
+ "Infinite Pin Tee"    "MAGIX Tee Filter"    "MAGIX AG"    "c:\program files\magix\slideshow_maker\regmodule\hhmultee.ax"    "5/2/2006 8:42 AM"
+ "MAGIX FlexRend"    "MAGIX FlexRend"    "MAGIX AG"    "c:\program files\magix\slideshow_maker\regmodule\flexrend.ax"    "12/23/2004 7:39 AM"
+ "Magix WAV Dest"    ""    ""    "c:\program files\magix\slideshow_maker\regmodule\wavdest.ax"    "7/2/2008 6:14 AM"
+ "Multiple File Output"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "Proxy Sink"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "Proxy Source"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "Record Queue"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "ShotDetect"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "Stetch"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "Video Source Filter"    "MAGIX Video Source Filter"    "MAGIX AG"    "c:\program files\magix\slideshow_maker\regmodule\hhvideosource.ax"    "10/9/2008 6:45 AM"
+ "Wav Source Filter"    "Custom Wav Source Filter"    "Magix Development"    "c:\program files\magix\slideshow_maker\regmodule\hhwavsource.ax"    "6/3/2002 9:24 AM"
+ "WM VIH2 Fix"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT Audio Analyzer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT Black Frame Generator"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT DV Extract Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT FormatConversion"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT Import Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT Interlacer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT Log Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT MuxDeMux Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT Sample Info Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT Switch Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT Virtual Renderer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT Virtual Source"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
+ "WMT Volume"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"    "11/2/2006 4:46 AM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""    "10/12/2009 2:30 PM"
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"    "11/10/2008 6:48 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""    "4/5/2013 10:26 AM"
+ "3300 Series Port"    "Printer Communication System"    " "    "c:\windows\system32\lxcclmpm.dll"    "1/30/2007 9:36 AM"
+ "EPSON NX410 Series 32MonitorBA"    "EPSON Bi-directional Monitor x86"    "SEIKO EPSON CORPORATION"    "c:\windows\system32\e_flbfca.dll"    "8/8/2008 2:54 AM"
+ "HP 8811 Status Monitor"    "Print Status Language Monitor"    "Hewlett-Packard Co."    "c:\windows\system32\hpinksts8811lm.dll"    "9/12/2012 7:01 AM"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order"    ""    ""    ""    "11/2/2006 7:46 AM"
+ "AdobeDriveCS4_NP"    "Adobe Drive CS4 Network"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\adobe drive cs4\adobedrivecs4_np.dll"    "8/14/2008 9:39 AM"

 



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:20 AM

Posted 05 April 2013 - 10:41 AM

Download Services repair tool from here

ServicesRepair

  • Double-click ServicesRepair.exe
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool is finished you will be prompted to restart your computer. Click Yes to restart.

Run Farbar service scanner again and post the new log
 

Let me know if you still have issues.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users