New
#101
You could try using the old att.yahoo servers in Postbox. Methinks there is an underlying problem that needs to be addressed though.
You could try using the old att.yahoo servers in Postbox. Methinks there is an underlying problem that needs to be addressed though.
Please post the following system information: Speccy snapshot
How to publish a Speccy snapshot:
Click on the Speccy file menu and select Publish Snapshot. This method removes sensitive information and provides you with a link to the report.
Copy the link returned from Publish Snapshot and paste it in a post on this thread so members have more information to better assist you.
Thanks
Speccy snapshot of my machine: http://speccy.piriform.com/results/CHlegp43qppad1Ua8dOLDAj
am trying to post the ADW txt file.
# AdwCleaner v2.112 - Logfile created 02/23/2013 at 14:07:56
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Eugene - EUGENE-PC
# Boot Mode : Normal
# Running from : C:\Users\Public\Documents\Documents\Admin Council\Downloads\AdwCleaner (1).exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\Coupon Companion
Folder Deleted : C:\Program Files (x86)\Coupon Companion Plugin
Folder Deleted : C:\Users\Eugene\AppData\Local\Coupon Companion
Folder Deleted : C:\Users\Eugene\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\rf8ldkim.default\extensions\crossriderapp44 93@crossrider.com
Folder Deleted : C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\rf8ldkim.default\extensions\crossriderapp46 39@crossrider.com
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\rf8ldkim.default\prefs.js
C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\rf8ldkim.default\user.js ... Deleted !
Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;e[...]
Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
Deleted : user_pref("aol_toolbar.default.homepage.check", true);
Deleted : user_pref("aol_toolbar.default.homepage.protection", false);
Deleted : user_pref("aol_toolbar.default.search.check", true);
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{11934A8D-B3E6-CC5C-BB99-1C8B742B822D}");
Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9085");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000022");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "14");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "1");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1360843707689");
Deleted : user_pref("aol_toolbar.reset.flag", "3");
Deleted : user_pref("aol_toolbar.reset.style", "");
Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "Thu Feb 14 2013 06:08:30 GMT-0600 (Central Sta[...]
Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "10-10-1010");
Deleted : user_pref("aol_toolbar.search.instd", "2012121594303355");
Deleted : user_pref("aol_toolbar.search.oid", "10-10-1010");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "dlcomaol-ff");
Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "1");
Deleted : user_pref("aol_toolbar.weather.degf", "33");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/33_n.png");
Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Clear");
Deleted : user_pref("aol_toolbar.weather.update", "1360843707696");
Deleted : user_pref("aol_toolbar.winamp.volume", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1360843710);
Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 35);
Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1360843710");
Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "81");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Thu Feb 14[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 32);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jq[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 57);
Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 81);
Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");
Deleted : user_pref("extensions.crossriderapp4493.bic", "13b868c43acc6ecbaf5f285407fa8b40");
Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);
Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1360843708);
Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22680728);
Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22680728);
Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true);
Deleted : user_pref("extensions.crossriderapp4639.4639.InstallationTime", 1360484983);
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie.InstallationTime.value", "1360484983");
Deleted : user_pref("extensions.crossriderapp4639.bic", "13b868c43acc6ecbaf5f285407fa8b40");
Deleted : user_pref("extensions.crossriderapp4639.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4639.installationdate", 1360484983);
Deleted : user_pref("extensions.crossriderapp4639.lastcheck", 22680728);
Deleted : user_pref("extensions.crossriderapp4639.lastcheckitem", 22680728);
Deleted : user_pref("extensions.enabledAddons", "crossriderapp4639%40crossrider.com:0.86.44,%7B1DEC6447-C74F-4[...]
Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", 14);
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [42128 octets] - [02/02/2013 18:30:58]
AdwCleaner[S2].txt - [17340 octets] - [23/02/2013 14:07:56]
########## EOF - C:\AdwCleaner[S2].txt - [17401 octets]
Ok, next download DDS and post the results: Direct Download (run, save, cancel) from Bleeping Computer
If you click on the # icon on the posting menu, you can place the output between theDDS is a program that will scan your computer and create logs that can be used to display various startup, configuration, and file information from your computer. This program is used in our security forum to provide a detailed overview of what programs are automatically starting when you start Windows. The program will also display information about the computer that will allow us to quickly ascertain whether or not malware may be running on your computer.
To use DDS, simply download the executable and save it to your desktop or other location on your computer. You should then double-click on the DDS.scr icon to launch the program. DDS will then start to scan your computer and compile the information found into two log files. When DDS has finished it will launch the two Notepad windows that display the contents of these log files.[CODE][/CODE] tags. The scrollable testbox makes it a little easier to read large output files. Just a tip, not required.
--> if you get an error about too many characters - just post the report as text (forget about the[CODE][/CODE] tags)
Last edited by Slartybart; 23 Feb 2013 at 16:25.
DDS Report:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2010 3:32:55 AM
System Uptime: 2/23/2013 2:09:11 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Eureka3
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | CPU 1 | 2499/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 585 GiB total, 461.806 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.57 GiB free.
E: is CDROM ()
F: is Removable
K: is FIXED (NTFS) - 466 GiB total, 169.221 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\6&59F2AA4&0&1
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\6&59F2AA4&0&1
Service:
.
==== System Restore Points ===================
.
RP602: 2/13/2013 4:22:41 AM - RegCure Pro Backup
RP603: 2/13/2013 2:45:54 PM - Windows Live Essentials
RP604: 2/13/2013 2:46:30 PM - Installed DirectX
RP605: 2/13/2013 2:47:05 PM - Installed DirectX
RP606: 2/13/2013 2:47:25 PM - Installed DirectX
RP607: 2/13/2013 2:47:47 PM - WLSetup
RP608: 2/13/2013 2:58:06 PM - Windows Live Essentials
RP609: 2/13/2013 2:58:21 PM - Installed DirectX
RP610: 2/13/2013 2:58:48 PM - Installed DirectX
RP611: 2/13/2013 2:59:05 PM - Installed DirectX
RP612: 2/13/2013 2:59:26 PM - WLSetup
RP613: 2/14/2013 6:03:52 AM - WinZip Registry Optimizer Thu, Feb 14, 13 06:03
RP614: 2/16/2013 3:00:17 AM - Windows Update
RP615: 2/17/2013 10:00:14 AM - Windows Backup
RP616: 2/19/2013 11:14:45 AM - Windows Update
RP617: 2/20/2013 5:44:19 AM - RegCure Pro Backup
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.5
Ancestral Quest 12.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Quick Fix Client
AT&T Troubleshoot & Resolve Tool
ATT-RC Self Support Tool
Audacity 2.0.2
avast! Internet Security
Bing Bar
Bonjour
CardRecoveryPro 2.1.5
CCleaner
Cisco Connect
Compatibility Pack for the 2007 Office system
Corel WordPerfect Suite 8
Coupon Companion
Coupon Companion Plugin
CyberLink DVD Suite Deluxe
D3DX10
DIRECTV Player
DIRECTV2PC(TM)
DirectX for Managed Code Update (Summer 2004)
Dragon NaturallySpeaking 11
DVD Menu Pack for HP MediaSmart Video
EaseUS Data Recovery Wizard 5.6.5
EasyCapture 1.2.0.0
Eusing Free Registry Cleaner
Family Tree Maker 2011
ffdshow [rev 3154] [2009-12-09]
File Type Assistant
Flight Simulator X
Flight Simulator X Service Pack 1
Free Audio Converter version 5.0.15.706
Free File Viewer 2011
Freemake Audio Converter version 1.1.0
Freemake Video Converter version 1.3.0
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin MapSource
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Garmin WebUpdater
Gimp 2.6.2 Debug
Google Earth
Google Update Helper
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Officejet 4620 series Basic Device Software
HP Officejet 4620 series Help
HP Photo Creations
HP Product Detection
HP Remote Solution
HP Setup
HP Support Information
HP Update
iCloud
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
iTunes
Junk Mail filter update
LabelPrint
LibreOffice 3.6
LibreOffice 3.6 Help Pack (English)
LightScribe System Software
Logitech Gaming Software 5.10
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Office 97, Standard Edition
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Movie Maker
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyTomTom 3.2.0.802
MyUltimateOrganizer 7.0
OpenAL
OpenOffice.org 3.1
Ovi Maps 3D browser plugin for Internet Explorer (5.3.0.0)
PandoraRecovery (Remove Only)
Password Recovery for Windows Live (remove only)
PDF-XChange 3
PDFCreator
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
PMB
Postbox (3.0.6)
Postbox Express (1.0.1)
Power2Go
PowerDirector
Quicken 2011
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Recuva
RegCure Pro
Reimage Repair
ReImageCompanion
Remo Recover
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Sendori
Shutterfly Express Uploader
Skype Click to Call
Skype™ 6.1
TeamViewer 7
The Weather Channel Toolbar
TinyZIP
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TVersity Codec Pack 1.7
TVersity Media Server 1.9.3
TVersity Media Server Pro 1.9.6
Ulead VideoStudio SE DVD
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB2.0 ATV
USB2.0 Grabber
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
Visual Studio C++ 10.0 Runtime
Weapon for FSX 1.0
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinMount Free Edition, V3.4.0831
WinZip Registry Optimizer
Xilisoft iPhone Transfer
Xtreme FSX PC 2.8.0.0
Yahoo! Software Update
Yahoo! Toolbar
YTD Video Downloader 3.9
.
==== Event Viewer Messages From Past Week ========
.
2/23/2013 9:56:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.
2/23/2013 2:14:11 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.
2/23/2013 2:10:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
2/23/2013 2:10:57 PM, Error: Service Control Manager [7000] - The Freemake Improver service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/22/2013 5:04:37 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
2/20/2013 5:49:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/20/2013 5:49:51 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/20/2013 5:49:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/20/2013 5:49:40 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/20/2013 5:49:40 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
2/19/2013 4:35:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
.
==== End Of File ===========================
Ok, that's quite a list. Can you post the other DDS file output?
When you get the chance publish a Speccy snapshot see post# 102- you have a lot of junk on your system, either intentionally or by stealth.
Those Reg "fixits" cause a lot of issues on systems and are generally not worth the time, disk space, or memory use.
Take a look at this list and uninstall those apps that are not essential to you.type msconfig into the startmenu search box - when it appears in the results, double click it
Definitely remove these
RegCure Pro
WinZip Registry Optimizer
Eusing Free Registry Cleaner
I'm not familiar with all of these, so if you're uncertain, leave it on your system.
If it's a purchased software, make sure you have the disk and license information before uninstalling, in case you want to re-install)
Ulead VideoStudio SE DVD (quite old, miht be part of other DVD suite)How much of Windows Essentails do you use?
CardRecoveryPro 2.1.5
EaseUS Data Recovery Wizard 5.6.5
Hardware Diagnostic Tools
Microsoft Silverlight (Ms is abandoning this technology)
What do these utilities do?.
ReImageCompanion
Reimage Repair
Remo Recover
Uninstall 1.0.0.1
InstallIQ Updater
Recovery Manager
WinMount Free Edition, V3.4.0831
Trail or took everything they gave me installs
Microsoft Office Home and Student 60 day trial (trial over?)
Skype Click to Call (do you click on links on websites to palce calls in Skype?)
Microsoft Works(ancient and not very useful - use Turn Windows Features on or off" in Control Panel -> Preograms and Features)
Movie Maker (how many DVD utils do you use?)
Power2Go (how many DVD utils do you use?)
PowerDirector (how many DVD utils do you use?)
Hewlett-Packard ACLM.NET v1.2.1.1 (I have many HPq machines, I don't ever recall seeing this)
Most of the HP usilities are just front ends to exisiting Windows utilities.
HP Advisor
PlayReady PC Runtime amd64 (HP bloatware)
LightScribe System Software (keep if you have a Lightscribe write)
Bonjour (part of iTunes - has been known to cause issues on Windows)
Uninstall what isn't used - Control Panel -> Progarms and Features-> Windows Essentials - clicking will allow you to change what's installed)
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live Mail
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live Essentials
Windows Live Communications Platform
Windows Live Family Safety
Windows Live SOXE Definitions
Windows Live ID Sign-in Assistant
Windows Live Installer
-> open the startup tab
---> untick everything except Avast and Synaptics
---> hit ok to exit
---> REBOOT
I aslo see a disk error - please run chkdsk with both boxes ticked on all drives.
When I review the other DDS file, we'll keep going until the system is "clean" or one of us gives up.
Sendori is bugging me. Search results basically return a lot of questions (is this safe, is it a virus, how do uninstall it).
I found a link to an "official" site and it appearantly is supposed to improve Internet speeds thru DNS technology and strategic host placement. I am very suspicious of this software and strongly recommend it be removed. Some reports of browser hijacks, hosts entries changing, etc indicate it is at the least not a well behaved application. The improvement claims are also a bit curious.
C/net doesn't even list it, although a post on this forum from last year linked to C/net with a 3star rating. If C/net doesn't offer it for download it, it probably isn't real or they got too many complaints.
If you have difficulty uninstalling Sendori through Control Panel I might be able to help (one comment said they had to answer a survey and enter the reason before it would uninstall). Why didn't the maleware scans pick it up? I don't know.
and this: https://helpdesk.nwciowa.edu/index.p...are-of-sendori
To correct any changes malware might have made to your hosts file, please run the MS fixit
How can I reset the Hosts file back to the default?
You're probably thinking "What dows all this have to do with eMail. Lots - malware uses eMail to propogate itself.
Bill
.
Hi Slartybart. That is one of the longest list in AdwCleaner I have ever seen.
If I may make a suggestion.
Run AdwCleaner again and see if their is anything left that needs removed.
Three registry cleaner programs on one computer is also a new one to me.
That is scary.
I did not rear through a months plus worth of post (107) but it is looking like a clean install to me.
The registry cleaners alone could of mess things up so bad their is no other way to fix this computer.
Just my thoughts hope they help.
@xgdude: If an output file is too large to paste in a post, just attach it to the post (use the paper clip icon on the post menu bar). The forum only allows cetain filetypes to be attachments - if you can't attach a file, try putting it in a zip file and attach that. I should have thought about suggesting that back at post 99.
Thanks for hanging in there - this might take a while longer.
Thanks Jack,
Suggestions are always welcome.
My thoughts exactly - lots of cware (using the cCleaner nomenclature) on the machine. It's not uncommon for folks to have a few of these utilities when they try to solve one or more issues. Unfortunately, most do very little to solve issues and too many cause harm.
The plan is to run through the last few security checks and then run all again, starting with Mbam. If the next set of scans turn up clean, dude might run the machine in that condition (clean but questionable due to what the first scans reported).
If however the second set of scans report additional issues, I'll ask Jacee to look at the output. Dude can then make the decision on a clean install which always gaurantees a nice clean system.
Last edited by Slartybart; 24 Feb 2013 at 12:14.
Link requested:
http://speccy.piriform.com/results/C...ppad1Ua8dOLDAj
I created a boot disc from Windows Defender Offline, but was unable to run it.
My Avast Virus scan turned up a threat:
CRLSSI.SYS Threat: Win32Malware-gen which was moved to chest; Avast boot scan was run and found no threats.
I am lost in all the posts and don't know what to do next. Did you want another run of DDS?
xgdude