Jump to content


Photo
- - - - -

Getting rid of Secure Search


  • Please log in to reply
16 replies to this topic

#1 jimindt

jimindt

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 02 March 2013 - 09:11 PM

I just installed AdAware Free 10.5 and a LavaSoft Secure Search has replaced the standard Google Search. Well, thanks but no thanks.

So how do I remove it short of removing AdAware completely - which I will do if needed.

I've looked all over Firefox and don't see any way to remove it. I've also uninstalled everything but the basic AdAware.

#2 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 6777 posts

Posted 03 March 2013 - 12:48 AM

Hi jimindt,

Have you restarted the computer after the uninstallation of the toolbar?
That's important.

Do you mean as a search engine used in the search field or in some other way?
You handle the search engines by clicking on the little down-arrow at the left side of the search field, and selecting "Handle Search Engines" (or maybe it's "Manage Search Engines"). There you can select the search engine you want to use now, change the order of the search engines and remove search engines.

#3 jimindt

jimindt

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 03 March 2013 - 06:11 AM

Thanks, that down arrow advice did it. Never really noticed that before.

Jim

#4 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 6777 posts

Posted 03 March 2013 - 11:30 AM

You are welcome, Jim :)
I'm glad it has been resolved.

#5 bedlam49

bedlam49

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 10 March 2013 - 03:11 PM

I have Ad-aware free antivirus+ ver, 10.5.1.4369 and since installing it the search facility from the location bar has been replaced with lavasoft secure search. How do I reset this to google as I had it before. This not from the search bar, I have already set that to google, but from the location abr.

#6 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 6777 posts

Posted 10 March 2013 - 06:34 PM

Hi bedlam49,

I assume that your question is about the location bar in Firefox.

In Firefox location bar enter:

about:config

Find the entry called "keyword.URL".
Right-click it and select to restore the original value.

Restart Firefox.

Did it help?

#7 carlsutherland

carlsutherland

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 10 March 2013 - 08:01 PM

I have a Mac with Fusion and Windows 7. How do I get rid of Secure Search?

Thank you

Carl

#8 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 6777 posts

Posted 10 March 2013 - 11:39 PM

Hi Carl,

How do you notice Secure Search and in which browser?

#9 kfirl

kfirl

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 16 March 2013 - 10:44 PM

I am thoroughly frustrated. I installed AdAware Free 10.5, which I have immediately uninstalled. However, the LavaSoft Secure Search has replaced my Google search in all my browsers. I have removed it using the anti-malware Adwcleaner, and that has helped for a while, but now it is back on all my PCs and browsers. I use Chrome, Firefox and EI.

There must be a way to stop this from happening and it is not in the best interest of your company to become so intrusive that people will consider you a malware (which is my feeling toward the Lavasoft Search right now).

Please provide clear instructions for removing it once and for all from all browsers. Thank you.

#10 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 6777 posts

Posted 17 March 2013 - 02:29 AM

Hi kfirl,

Please, note that the purpose of the forum is to let users of the free version of Ad-Aware help each other. I'm not working at Lavasoft and the forum isn't monitored by the Lavasoft staff.

Have you checked if you still have "Ad-Aware Browsing Protection" or any other Ad-Aware/Lavasoft program installed?
See How to uninstall Ad-Aware 10.x.
Did you uninstall according to the instruction or did you miss to turn of the browsers first?

#11 kfirl

kfirl

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 17 March 2013 - 09:01 AM

Hi Cecilia,

Sorry for that. The Lavasoft logo is confusing because it makes the forum look like something formally connected with the company.

As to your questions, I did everything according to instructions, including turning off the browser first. Using adwcleaner actually cleaned my system for a while, and then the Lavasoft Search came up again, which means that malware is installed somewhere in the system, that makes that happen. Short of suing Lavasoft I have tried everything else I could think of or was suggested in the web.

#12 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 6777 posts

Posted 17 March 2013 - 10:37 AM

Hi kfirl,

It is Lavasoft that pays for and administrates the forum, it is their forum, but paying customers can get help directly from the Lavasoft support team.

I'll try to help you.

Save OTL on the Desktop. http://oldtimer.geekstogo.com/OTL.exe
Close all programs.
Double-click OTL to run it.

Click on Quick Scan and do not use the computer while the program runs.

When the program finishes two log files are created on the Desktop, OTL.txt och Extras.txt. Paste the contents of the log OTL.txt into your answer but attach Extras.txt (if you don't see how to attach files click the button "More Reply Options" ).

#13 paablo

paablo

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 28 March 2013 - 03:27 AM

Here is my text copied from the .txt file. I'm having similar problem to the user above only I'm using chrome. Have already uninstalled everything but LS Secure Search keeps showing up as my home page and killing my tabs.


OTL Extras logfile created on: 3/27/2013 9:10:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:UserspabloDownloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 4.60 Gb Available Physical Memory | 58.12% Memory free
15.82 Gb Paging File | 12.86 Gb Available in Paging File | 81.24% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 279.45 Gb Total Space | 6.58 Gb Free Space | 2.35% Space Free | Partition Type: NTFS
Drive D: | 394.18 Gb Total Space | 387.85 Gb Free Space | 98.40% Space Free | Partition Type: NTFS

Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{071EF883-7033-4617-A0C0-8761111EBED5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%system32svchost.exe |
"{0ECC1F74-A8B8-4438-A634-BAB23D1E9F05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%system32svchost.exe |
"{16FB1D6B-E58F-4E56-B770-B4E6732184C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1A165FF4-80F7-488F-A0ED-2A89D740AF12}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{221CBC3C-1361-4C32-A249-322EE1AFC1B8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%system32svchost.exe |
"{223C1F88-D410-4028-B7D0-B84C4771DF0B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |
"{2CE2C232-DEBE-48D9-BAB6-AFF70DA911C3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{320DB105-FD75-4B51-9ECC-5F9E79D20DE8}" = rport=445 | protocol=6 | dir=out | app=system |
"{32CA6032-93C4-4472-A793-FC6A795651DE}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |
"{35A3FE76-23BB-4251-AAA4-C7AB9D22107F}" = rport=139 | protocol=6 | dir=out | app=system |
"{3880F501-EB0C-46AB-9551-62BB3C9B1F0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%system32svchost.exe |
"{38EFCB52-D9B5-4BEE-B808-13F56F355FCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%system32svchost.exe |
"{3ED89AA3-695E-40F9-8500-C74E2AD1F006}" = lport=138 | protocol=17 | dir=in | app=system |
"{4194187F-A3E7-4AED-BA30-894473D9F2BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{44D4FF16-C29D-4F54-B195-651242AD2217}" = lport=10243 | protocol=6 | dir=in | app=system |
"{459EE055-1998-4831-BF22-2730BB534F72}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%system32svchost.exe |
"{45CF7F82-F8CF-4D34-8C87-BCC3F1A3C516}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |
"{48D91894-E089-4A61-B66D-119D7AA63940}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |
"{52CC062B-DE5B-49B5-B250-330DBAEEA159}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%system32svchost.exe |
"{648B2C77-FAF9-4496-807F-09D70D9E1C4F}" = lport=445 | protocol=6 | dir=in | app=system |
"{65543B72-0F54-4C84-AC50-77122D8D9F00}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |
"{6FB2503E-D171-4A06-AC39-2557B145092F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%system32svchost.exe |
"{7FA3C0C8-AB85-434F-890E-D03AD770B4AA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8146C526-FC5B-4A18-8B46-30C7983BBCB0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%system32svchost.exe |
"{86315A17-DE80-44ED-9DB5-8C8C466070A4}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{96A67479-88E7-4D80-849D-8CD2499F1E22}" = rport=137 | protocol=17 | dir=out | app=system |
"{B155DB3B-ACC8-4FF1-8D15-A51DFF630EB0}" = rport=138 | protocol=17 | dir=out | app=system |
"{B87B5D13-6DEB-4E55-B422-F7042231374A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%system32svchost.exe |
"{D6FD7BC3-D32C-46A1-AC1A-A6DEFB27B720}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |
"{E0401C99-8A31-4A8E-B5A2-D858E5DD3CCF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |
"{EFCBDC21-079E-4A6E-9CBF-A5DEFCC5E328}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%system32svchost.exe |
"{F01E8991-5ADE-4E15-9F0D-D3365E7BCBF7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |
"{F469B4AB-8DF8-4419-BE89-024EBCB2F36C}" = lport=137 | protocol=17 | dir=in | app=system |
"{F48F98FD-7DA7-494B-B6D1-401AC20EF8C8}" = lport=6004 | protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice14outlook.exe |
"{FBCE5D20-A194-46F4-8BD0-3600FC9275E8}" = lport=139 | protocol=6 | dir=in | app=system |
"{FFFB8106-AE60-44B7-9395-63A652D14653}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%system32svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{027E970F-864E-4675-9E90-8997AADF760D}" = dir=in | app=c:program filesintelwifibinpandhcpdns.exe |
"{0D86B527-DE9F-4FFE-991E-76BCA6323B0A}" = protocol=17 | dir=in | app=c:program files (x86)avgavg2012avgemca.exe |
"{0DCA29EA-A555-40D7-B117-E88FDE8642B8}" = protocol=6 | dir=in | app=c:program files (x86)avgavg2012avgnsa.exe |
"{1244CD8C-A88B-429F-BB14-6A344FE681E1}" = protocol=17 | dir=in | app=c:windowssystem32dmwu.exe |
"{17835EDB-7DE4-4FD5-A01F-170B256CAC3A}" = protocol=6 | dir=in | app=c:program files (x86)microsoft officeoffice14groove.exe |
"{182294EF-592A-4E49-80D9-283C225F61AB}" = protocol=6 | dir=in | app=c:program files (x86)avgavg2012avgdiagex.exe |
"{188A8976-8F41-4670-BFE3-21BD3547F5F2}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmpnetwk.exe |
"{1D1BD15E-E94C-4190-ABBC-78A345DE3126}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmpnetwk.exe |
"{20762AD9-46D0-4ABF-BE47-26F849109502}" = dir=in | app=c:userspabloappdatalocalfacebookvideoskypefacebookvideocalling.exe |
"{2B0A300F-2FA9-4EE6-98F0-44D93A1F0EB4}" = dir=in | app=c:program files (x86)windows livemessengermsnmsgr.exe |
"{2F2AD111-1190-455F-99F2-34F8BD5CD62A}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmpnetwk.exe |
"{2F9C0AA5-4EDD-437D-8BB6-51216BAB228E}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe |
"{30E876E5-7CBD-4B21-991D-949ED749028A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{33F18CDF-7B36-48A3-BA9D-2E86A3C0E706}" = dir=in | app=c:program files (x86)common filesappleapple application supportwebkit2webprocess.exe |
"{34236C79-5CF5-4AB7-95C1-029A567DE0EE}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe |
"{37852D8D-D611-4988-9841-6A8F6AB3BD5D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3BC2F892-7C53-4BD7-9D48-A0AD18B0E02C}" = protocol=17 | dir=in | app=%programfiles(x86)%windows media playerwmplayer.exe |
"{464B9D8F-FF3D-493C-B07F-596208746274}" = protocol=6 | dir=in | app=c:program files (x86)avgavg2012avgemca.exe |
"{469DBBC1-6E06-4F67-9F27-803C6E397A70}" = protocol=17 | dir=in | app=c:program files (x86)bonjourmdnsresponder.exe |
"{4E6FA5BE-9029-4CC5-ABEE-659C6C00E375}" = dir=in | app=c:program files (x86)intel corporationintel widiwidiapp.exe |
"{543C2325-84D6-417C-B114-5272AC4FED02}" = protocol=17 | dir=in | app=c:windowssystem32arfcwrtc.exe |
"{54EF2EBC-E3B2-44BF-9FEA-2280AA2ED706}" = protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice14onenote.exe |
"{57D1F1AF-F092-4275-96EF-9937FF3C1F1F}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe |
"{5A54C572-0772-45BF-B388-448674F1D6D4}" = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
"{5FFE8A62-B823-4B27-A44C-A6C4A983CC16}" = protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice14groove.exe |
"{6553AEF7-93A2-41AB-8D19-50E34D355B5E}" = protocol=17 | dir=in | app=c:program files (x86)avgavg2012avgdiagex.exe |
"{6EB1C0F6-F0A7-4128-B5D2-C473914B5E17}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe |
"{6F35A1F3-53AE-441E-AD6B-27CD8A651C22}" = protocol=17 | dir=in | app=c:program files (x86)avgavg2012avgnsa.exe |
"{753CF001-0EE4-4E98-BE31-CC6BC86CBC1E}" = protocol=6 | dir=out | app=system |
"{791077C2-119B-483E-ACC9-A0ED846C0768}" = dir=in | app=c:program files (x86)windows livemeshmoe.exe |
"{7EBC7CDA-A162-41CE-9F02-0B309AA35C30}" = protocol=6 | dir=in | app=c:program files (x86)microsoft officeoffice14onenote.exe |
"{84CC975F-F0D8-448C-BA42-0C5DF0CB74C2}" = protocol=17 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe |
"{8A9504A0-828D-4B5E-BBAA-AA0D6BA2462B}" = protocol=6 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe |
"{927FADD3-3E5F-430B-B872-A5712917FDA6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{92DA9F80-3FA7-4298-9658-411A062B7FB0}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe |
"{9610DA02-3835-43C8-AAF0-AF415ECA40F4}" = protocol=6 | dir=in | app=c:windowssystem32dmwu.exe |
"{9D1752E8-13D0-4B30-B78E-0E1DEF1AED68}" = protocol=6 | dir=in | app=c:program files (x86)avgavg2012avgmfapx.exe |
"{A6438D22-3981-4006-B363-8D32C3FA6D55}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe |
"{BBBDE200-F7D5-4093-AD07-9D03118CFB8A}" = protocol=6 | dir=in | app=c:windowssystem32arfcwrtc.exe |
"{BBC32A8B-5AE4-48FB-BDBF-E71B3DA7621F}" = protocol=6 | dir=in | app=%programfiles%windows media playerwmpnetwk.exe |
"{BEF3E7B5-A0BC-43D5-9CDC-C130EB1656A2}" = protocol=6 | dir=in | app=c:userspabloappdataroamingdropboxbindropbox.exe |
"{C120279B-2C80-4E50-AAE2-81F17DD47227}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%system32svchost.exe |
"{C1456C4E-315C-4E3B-B023-1934CCC9CD2F}" = protocol=17 | dir=in | app=c:userspabloappdataroamingdropboxbindropbox.exe |
"{C2715ABD-2FCA-4730-ADDA-CE3E2BDB6EF2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C69C2445-6310-4650-BCBA-BCC5DE94A5A5}" = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
"{D94B4F60-3B1F-4685-B95D-2A0330BD776D}" = dir=in | app=c:program files (x86)itunesitunes.exe |
"{E3855588-BC3F-4A30-AE2A-787203E9B6CA}" = protocol=17 | dir=in | app=c:program files (x86)avgavg2012avgmfapx.exe |
"{E6B0EF51-00A0-4BC8-8249-D6D366A96D6E}" = dir=in | app=c:program files (x86)windows livecontactswlcomm.exe |
"{F46E3742-E181-4256-9EC8-0D5BC6F17FAB}" = protocol=6 | dir=in | app=c:program files (x86)bonjourmdnsresponder.exe |
"{FC76BF47-F613-42A2-A687-BBF070E8F54D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%system32svchost.exe |
"TCP Query User{225AED34-D041-41D6-87D6-13396A8E50D7}C:userspabloappdataroamingdropboxbindropbox.exe" = protocol=6 | dir=in | app=c:userspabloappdataroamingdropboxbindropbox.exe |
"TCP Query User{C4CDF7CD-389B-4359-A44E-87ED25A04CC8}C:userspabloappdataroamingspotifyspotify.exe" = protocol=6 | dir=in | app=c:userspabloappdataroamingspotifyspotify.exe |
"UDP Query User{3A5A4E36-C332-4174-9BE0-EE573ED9703F}C:userspabloappdataroamingspotifyspotify.exe" = protocol=17 | dir=in | app=c:userspabloappdataroamingspotifyspotify.exe |
"UDP Query User{AEDE3F77-B7AE-42F7-AA57-2EDF72407380}C:userspabloappdataroamingdropboxbindropbox.exe" = protocol=17 | dir=in | app=c:userspabloappdataroamingdropboxbindropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{02E5BCCA-317C-418F-9E06-42526E050829}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}" = Garmin ANT Agent
"{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{31CE1406-5C12-44C5-B6C5-0F55F2039DE3}" = AVG 2012
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete
"{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}" = Fresco Logic USB3.0 Host Controller
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"AVG" = AVG 2012
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"FlashCrest Undelete Demo_is1" = FlashCrest Undelete Demo 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{082FA29F-143B-47ED-B66A-A11F0E6EA4A9}" = DNRGarmin
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel® WiDi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3EF6F0AE-5471-44BF-9809-B6FAD9D04478}" = Angry Birds Star Wars
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{5172E572-C175-4F80-A6D5-5CB45826AD61}" = SceneSwitch
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"ArcGIS Desktop 10" = ArcGIS Desktop 10
"ASUS U Series ScreenSaver" = ASUS U Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"eMusic Download Manager 5.0.3" = eMusic Download Manager
"eMusic Download Manager 6" = eMusic Download Manager 6
"File Download ActiveX" = File Download ActiveX
"Fraps" = Fraps
"HandBrake" = HandBrake 0.9.8
"InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Mplayer" = Mplayer 0.6.9
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"Vid-Saver" = Vid-Saver
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MusicManager" = Music Manager
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2013 11:46:09 PM | Computer Name = pablo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/17/2013 11:46:09 PM | Computer Name = pablo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998

Error - 2/17/2013 11:46:09 PM | Computer Name = pablo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 2/17/2013 11:46:10 PM | Computer Name = pablo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/17/2013 11:46:10 PM | Computer Name = pablo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2043

Error - 2/17/2013 11:46:10 PM | Computer Name = pablo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2043

Error - 2/18/2013 3:36:13 AM | Computer Name = pablo-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:program files (x86)spybot
- search & destroyDelZip179.dll".Error in manifest or policy file "c:program
files (x86)spybot - search & destroyDelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/18/2013 10:55:44 PM | Computer Name = pablo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/18/2013 10:55:44 PM | Computer Name = pablo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1046

Error - 2/18/2013 10:55:44 PM | Computer Name = pablo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1046

[ System Events ]
Error - 9/23/2012 4:22:47 AM | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%32

Error - 9/23/2012 4:23:16 AM | Computer Name = pablo-PC | Source = DCOM | ID = 10010
Description =

Error - 9/25/2012 7:57:32 PM | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 10/5/2012 11:13:53 PM | Computer Name = pablo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on DeviceHarddisk1DR2.

Error - 10/5/2012 11:13:54 PM | Computer Name = pablo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on DeviceHarddisk1DR2.

Error - 10/5/2012 11:13:54 PM | Computer Name = pablo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on DeviceHarddisk1DR2.

Error - 10/5/2012 11:13:55 PM | Computer Name = pablo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on DeviceHarddisk1DR2.

Error - 10/5/2012 11:13:55 PM | Computer Name = pablo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on DeviceHarddisk1DR2.

Error - 10/23/2012 8:13:43 AM | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 11/7/2012 8:24:31 AM | Computer Name = pablo-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

Attached Files


Edited by paablo, 28 March 2013 - 03:32 AM.


#14 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 6777 posts

Posted 28 March 2013 - 01:00 PM

Hi paablo,

You have both pasted and attached Extras.txt but not OTL.txt that is the most important one.

Please, start by going through this topic: http://www.lavasofts...-search-engine/

#15 paablo

paablo

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 28 March 2013 - 01:33 PM

Sorry, I thought the pasted material was from OTL. Here is OTL attached.

Attached Files

  • Attached File  OTL.Txt   124KB   1 downloads


#16 paablo

paablo

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 28 March 2013 - 01:35 PM


Please, start by going through this topic: http://www.lavasofts...-search-engine/

the two things listed in that link have been done long ago.

#17 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 6777 posts

Posted 28 March 2013 - 04:05 PM

1. Is it on purpose that both (parts of) Trend Micros Titanium and AVG are running in the computer?

2. The following fix will remove everything belonging to Ad-Aware, Vid-Saver, Protector by IB Helper and Babylon that I can see in the log. Don't proceed if you want to keep them.

Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.
How? See http://www.bleepingc...opic114351.html

Start the program OTL.
Copy all the lines in the box:
:OTL
DRV:[b]64bit:[/b] - [2013/02/17 18:18:13 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3C93DA1BF0706775D4D775512165D870
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110789&babsrc=SP_ss&mntrId=a6f0b0c5000000000000bc7737e19e0d
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=3C93DA1BF0706775D4D775512165D870&q={searchTerms}
CHR - homepage: http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3C93DA1BF0706775D4D775512165D870
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll File not found
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
:Reg
:Files
:Commands
[CREATERESTOREPOINT]
[REBOOT]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer do that.

Notepad will pop-up with a log. Copy it and paste it into your answer.
If it is not pop-upped, you can find it in the folder c:\_OTL\Moved Files and its name contains the date and time for when OTL was run.

Be sure that antivirus programs etc. are active before connecting to internet.

3. Due to the "Protector by IB Helper" add-on, which can be hard to get rid of, I recommend that you also use the fix-program AdwCleaner.
http://www.systemloo...sion64_dll.html

Please, save AdwCleaner by Xplode on the desktop: http://general-chang...de/2-adwcleaner

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Search button.
Wait until the search has finished.
A report will be displayed, copy its content and paste into your answer.
If the report isn't displayed, it exist as C:\AdwCleaner[R1].txt.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users