Keep getting pop ups of http://d1.szstny.com [Solved]


  • This topic is locked

#1
Noobs

  • Member
  • 37 posts

Hi

 

Since I updated my Java I keep getting pop-ups of http://d1.szstny.com

Please help me clean my PC, since it pops up at almost every site.


Edited by Noobs, 15 October 2014 - 03:32 AM.



#2
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!



#3
Noobs

  • Topic Starter
  • Member
  • 37 posts

Zoek.exe v5.0.0.0 Updated 14-10-2014
Tool run by Chi-Yung on 15/10/2014 at 14:33:27.53.
Microsoft Windows 7 Home Premium  6.1.7600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Chi-Yung\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15/10/2014 14:39:26 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

æTorrent  
888poker  
Aangifte inkomstenbelasting 2011  
Aangifte inkomstenbelasting 2012  
Aangifte inkomstenbelasting 2013  
Ad-Aware Antivirus  
Ad-Aware Security Add-on  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Agatha Christie - Peril at End House  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
AVG 2014  
AVG Security Toolbar  
Bejeweled 2 Deluxe  
Bing Bar  
Bing Bar Platform  
Bing Desktop  
Bing Rewards Client Installer  
BitTornado 0.3.18  
Blackhawk Striker 2  
Blasterball 3  
Bonjour  
Bounce Symphony  
Browser Updater 1.1  
BrowseToSave 1.74  
Cake Mania  
Cake Poker 2.0  
Chuzzle Deluxe  
Common Desktop Agent  
ContinueToSave  
CyberLink DVD Suite Deluxe  
D3DX10  
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition  
DivX Setup  
Dora's World Adventure  
DVD Menu Pack for HP MediaSmart Video  
Farm Frenzy  
FATE  
Final Drive Nitro  
Full Tilt Poker  
Gala Casino Poker  
Hewlett-Packard ACLM.NET v1.2.2.3  
HP Auto  
HP Client Services  
HP Customer Experience Enhancements  
HP Game Console  
HP Games  
HP MediaSmart DVD  
HP MediaSmart Music  
HP MediaSmart Photo  
HP MediaSmart SmartMenu  
HP Odometer  
HP Setup  
HP Setup Manager  
HP Support Assistant  
HP Support Information  
HP Update  
HP Vision Hardware Diagnostics  
Intel® Graphics Media Accelerator Driver  
Intel® Management Engine Components  
iTunes  
Java 7 Update 25  
Java Auto Updater  
Java™ 6 Update 29 (64-bit)  
join.me  
Junk Mail filter update  
LabelPrint  
Magic Desktop  
Malwarebytes Anti-Malware version 2.0.2.1012  
Microsoft .NET Framework 4 Client Profile  
Microsoft .NET Framework 4 Extended  
Microsoft Application Error Reporting  
Microsoft Default Manager  
Microsoft Office Access MUI (English) 2010  
Microsoft Office Access Setup Metadata MUI (English) 2010  
Microsoft Office Excel MUI (English) 2010  
Microsoft Office Groove MUI (English) 2010  
Microsoft Office InfoPath MUI (English) 2010  
Microsoft Office Office 64-bit Components 2010  
Microsoft Office OneNote MUI (English) 2010  
Microsoft Office Outlook Connector  
Microsoft Office Outlook MUI (English) 2010  
Microsoft Office PowerPoint MUI (English) 2010  
Microsoft Office Professional Plus 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (English) 2010  
Microsoft Office Publisher MUI (English) 2010  
Microsoft Office Shared 64-bit MUI (English) 2010  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office Visio 2010  
Microsoft Office Visio MUI (English) 2010  
Microsoft Office Word MUI (English) 2010  
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit  
Microsoft Search Enhancement Pack  
Microsoft Silverlight  
Microsoft SkyDrive  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visio Premium 2010  
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053  
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
More Games from HP Games  
Movie Theme Pack for HP MediaSmart Video  
Mozilla Firefox 32.0.3 (x86 nl)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT_amd64  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
MusicStation  
Mystery P.I. - The London Caper  
NyxLauncherIS  
partypoker  
PDF Complete Special Edition  
Penguins  
PhotoNow  
PictureMover  
Plants vs. Zombies  
PlayReady PC Runtime amd64  
Plus500  
Poker Superstars III  
PokerStars  
PokerStars.eu  
PokerStars.fr  
PokerStrategy.com SideKick  
PokerTracker 3 (remove only)  
PokerTracker 4 (remove only)  
Polar Bowler  
Polar Golfer  
PostgreSQL 8.3  
Power2Go  
PowerDirector  
Protected Search 1.1  
Rakion International  
RealDownloader  
Realtek High Definition Audio Driver  
Recovery Manager  
Samsung Easy Printer Manager  
Samsung ML-1860 Series  
Samsung Printer Live Update  
Search Assistant WebSearch 1.74  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)  
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)  
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)  
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)  
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)  
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition  
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition  
SkypEmoticons  
SkypeT 6.18  
Spotify  
Titan Poker  
Trader Workstation 4.0  
Unibet  
Unibet Poker v1.5.0  
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)  
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)  
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)  
Update for Microsoft .NET Framework 4 Extended (KB2468871)  
Update for Microsoft .NET Framework 4 Extended (KB2533523)  
Update for Microsoft .NET Framework 4 Extended (KB2600217)  
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition  
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition  
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2494150)  
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition  
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition  
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition  
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition  
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition  
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition  
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition  
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition  
UpdateService  
VC80CRTRedist - 8.0.50727.6195  
Virtual Villagers 4 - The Tree of Life  
Visual Studio 2008 x64 Redistributables  
Visual Studio 2010 x64 Redistributables  
Visual Studio 2012 x64 Redistributables  
Visual Studio 2012 x86 Redistributables  
VLC media player 2.0.4  
William Hill Poker  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Family Safety  
Windows Live Installer  
Windows Live Mail  
Windows Live Messenger  
Windows Live MIME IFilter  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
WinRAR 4.11 (64-bit)  
WinZip Courier  
World Cup Cricket 20-20  
YGOPro  
YGOPro DevPro  
YGOPro DevPro version 1.9.2r2  
Zuma Deluxe  

==== Running Processes ======================

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Chi-Yung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Chi-Yung\Downloads\zoek\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [Ad-Aware Service] - Ad-Aware Service - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [avgwd] - AVG WatchDog - "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
R2 - [BingDesktopUpdate] - Bing Desktop Update service - "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [ezSharedSvc] - Easybits Services for Windows - C:\Windows\System32\ezSharedSvcHost.exe
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [HPClientSvc] - HP Client Services - "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [pdfcDispatcher] - PDF Document Manager - C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService
R2 - [pgsql-8.3] - PostgreSQL Database Server 8.3 - "C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\"
R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe"
R2 - [RealPlayerUpdateSvc] - RealPlayer Update Service - "C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe"
R2 - [SeaPort] - SeaPort - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
R2 - [UNS] - Intel® Management & Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [vToolbarUpdater18.1.9] - vToolbarUpdater18.1.9 - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [AVGIDSAgent] - AVGIDSAgent - "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [HitmanPro37CrusaderBoot] - HitmanPro 3.7 Crusader (Boot) - "F:\HitmanPro_x64.exe" /crusader:boot
S2 - [SBAMSvc] - Ad-Aware - "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
S3 - [GameConsoleService] - GameConsoleService - "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe"
S3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [ose] - Office  Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) (Build 7600)
Memory (RAM): 3768 MB
CPU Info: Intel® Core™ i3 CPU         550  @ 3.20GHz
CPU Speed: 3245.3 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: 802.11n Wireless LAN Card | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      CDDVDW TS-H653T
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  1384.1GB | D:  13.1GB
Hard Disks - Free: C:  310.4GB | D:  1.6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 03/18/11 | HPQOEM - 20110318
Time Zone: W. Europe Standard Time
Motherboard *: MSI 2A9C
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
Anti-Virus: Lavasoft Ad-Aware On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Lavasoft Ad-Aware disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
Firewall: Lavasoft Ad-Aware disabled
Default Browser: Firefox    32.0.3
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 32.0.3 (x86 nl)
Sun Java version: 1.6.0_29 (64-bit)
Flash Player version: 15.0.0.152
 



#4
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi. This is not a complete logfile, it doesn't show more than half of the info I need to have.

 

Check it once more please :)



#5
Noobs

  • Topic Starter
  • Member
  • 37 posts

Zoek.exe v5.0.0.0 Updated 16-10-2014
Tool run by Chi-Yung on 16/10/2014 at  9:00:51.08.
Microsoft Windows 7 Home Premium  6.1.7600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Chi-Yung\Downloads\zoek\zoek.pif [Scan all users] [Script inserted]

==== System Restore Info ======================

16/10/2014 09:06:19 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

æTorrent  
888poker  
Aangifte inkomstenbelasting 2011  
Aangifte inkomstenbelasting 2012  
Aangifte inkomstenbelasting 2013  
Ad-Aware Antivirus  
Ad-Aware Security Add-on  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Agatha Christie - Peril at End House  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
AVG 2014  
AVG Security Toolbar  
Bejeweled 2 Deluxe  
Bing Bar  
Bing Bar Platform  
Bing Desktop  
Bing Rewards Client Installer  
BitTornado 0.3.18  
Blackhawk Striker 2  
Blasterball 3  
Bonjour  
Bounce Symphony  
Browser Updater 1.1  
BrowseToSave 1.74  
Cake Mania  
Cake Poker 2.0  
Chuzzle Deluxe  
Common Desktop Agent  
ContinueToSave  
CyberLink DVD Suite Deluxe  
D3DX10  
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition  
DivX Setup  
Dora's World Adventure  
DVD Menu Pack for HP MediaSmart Video  
Farm Frenzy  
FATE  
Final Drive Nitro  
Full Tilt Poker  
Gala Casino Poker  
Hewlett-Packard ACLM.NET v1.2.2.3  
HP Auto  
HP Client Services  
HP Customer Experience Enhancements  
HP Game Console  
HP Games  
HP MediaSmart DVD  
HP MediaSmart Music  
HP MediaSmart Photo  
HP MediaSmart SmartMenu  
HP Odometer  
HP Setup  
HP Setup Manager  
HP Support Assistant  
HP Support Information  
HP Update  
HP Vision Hardware Diagnostics  
Intel® Graphics Media Accelerator Driver  
Intel® Management Engine Components  
iTunes  
Java 7 Update 25  
Java Auto Updater  
Java™ 6 Update 29 (64-bit)  
join.me  
Junk Mail filter update  
LabelPrint  
Magic Desktop  
Malwarebytes Anti-Malware version 2.0.2.1012  
Microsoft .NET Framework 4 Client Profile  
Microsoft .NET Framework 4 Extended  
Microsoft Application Error Reporting  
Microsoft Default Manager  
Microsoft Office Access MUI (English) 2010  
Microsoft Office Access Setup Metadata MUI (English) 2010  
Microsoft Office Excel MUI (English) 2010  
Microsoft Office Groove MUI (English) 2010  
Microsoft Office InfoPath MUI (English) 2010  
Microsoft Office Office 64-bit Components 2010  
Microsoft Office OneNote MUI (English) 2010  
Microsoft Office Outlook Connector  
Microsoft Office Outlook MUI (English) 2010  
Microsoft Office PowerPoint MUI (English) 2010  
Microsoft Office Professional Plus 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (English) 2010  
Microsoft Office Publisher MUI (English) 2010  
Microsoft Office Shared 64-bit MUI (English) 2010  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office Visio 2010  
Microsoft Office Visio MUI (English) 2010  
Microsoft Office Word MUI (English) 2010  
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit  
Microsoft Search Enhancement Pack  
Microsoft Silverlight  
Microsoft SkyDrive  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visio Premium 2010  
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053  
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
More Games from HP Games  
Movie Theme Pack for HP MediaSmart Video  
Mozilla Firefox 32.0.3 (x86 nl)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT_amd64  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
MusicStation  
Mystery P.I. - The London Caper  
NyxLauncherIS  
partypoker  
PDF Complete Special Edition  
Penguins  
PhotoNow  
PictureMover  
Plants vs. Zombies  
PlayReady PC Runtime amd64  
Plus500  
Poker Superstars III  
PokerStars  
PokerStars.eu  
PokerStars.fr  
PokerStrategy.com SideKick  
PokerTracker 3 (remove only)  
PokerTracker 4 (remove only)  
Polar Bowler  
Polar Golfer  
PostgreSQL 8.3  
Power2Go  
PowerDirector  
Protected Search 1.1  
Rakion International  
RealDownloader  
Realtek High Definition Audio Driver  
Recovery Manager  
Samsung Easy Printer Manager  
Samsung ML-1860 Series  
Samsung Printer Live Update  
Search Assistant WebSearch 1.74  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)  
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)  
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)  
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)  
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)  
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition  
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition  
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition  
SkypEmoticons  
SkypeT 6.18  
Spotify  
Titan Poker  
Trader Workstation 4.0  
Unibet  
Unibet Poker v1.5.0  
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)  
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)  
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)  
Update for Microsoft .NET Framework 4 Extended (KB2468871)  
Update for Microsoft .NET Framework 4 Extended (KB2533523)  
Update for Microsoft .NET Framework 4 Extended (KB2600217)  
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition  
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition  
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2494150)  
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition  
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition  
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition  
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition  
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition  
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition  
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition  
UpdateService  
VC80CRTRedist - 8.0.50727.6195  
Virtual Villagers 4 - The Tree of Life  
Visual Studio 2008 x64 Redistributables  
Visual Studio 2010 x64 Redistributables  
Visual Studio 2012 x64 Redistributables  
Visual Studio 2012 x86 Redistributables  
VLC media player 2.0.4  
William Hill Poker  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Family Safety  
Windows Live Installer  
Windows Live Mail  
Windows Live Messenger  
Windows Live MIME IFilter  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
WinRAR 4.11 (64-bit)  
WinZip Courier  
World Cup Cricket 20-20  
YGOPro  
YGOPro DevPro  
YGOPro DevPro version 1.9.2r2  
Zuma Deluxe  

==== Running Processes ======================

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Chi-Yung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [Ad-Aware Service] - Ad-Aware Service - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [avgwd] - AVG WatchDog - "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
R2 - [BingDesktopUpdate] - Bing Desktop Update service - "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [ezSharedSvc] - Easybits Services for Windows - C:\Windows\System32\ezSharedSvcHost.exe
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [HPClientSvc] - HP Client Services - "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [pdfcDispatcher] - PDF Document Manager - C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService
R2 - [pgsql-8.3] - PostgreSQL Database Server 8.3 - "C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\"
R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe"
R2 - [RealPlayerUpdateSvc] - RealPlayer Update Service - "C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe"
R2 - [SBAMSvc] - Ad-Aware - "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe"
R2 - [SeaPort] - SeaPort - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
R2 - [UNS] - Intel® Management & Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [vToolbarUpdater18.1.9] - vToolbarUpdater18.1.9 - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [AVGIDSAgent] - AVGIDSAgent - "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [HitmanPro37CrusaderBoot] - HitmanPro 3.7 Crusader (Boot) - "F:\HitmanPro_x64.exe" /crusader:boot
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
S3 - [GameConsoleService] - GameConsoleService - "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe"
S3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [ose] - Office  Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

==== System Specs ======================

Windows: Windows XP Home Edition Service Pack 2 (Build 2600)
Memory (RAM): 3768 MB
CPU Info: Intel® Core™ i3 CPU         550  @ 3.20GHz
CPU Speed: 3189.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: 802.11n Wireless LAN Card | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      CDDVDW TS-H653T
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  1384.1GB | D:  13.1GB
Hard Disks - Free: C:  311.7GB | D:  1.6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 03/18/11 | HPQOEM - 20110318
Time Zone: W. Europe Standard Time
Motherboard *: MSI 2A9C
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
Anti-Virus: Lavasoft Ad-Aware On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Lavasoft Ad-Aware disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
Firewall: Lavasoft Ad-Aware disabled
Default Browser: Firefox    32.0.3
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 32.0.3 (x86 nl)
Sun Java version: 1.6.0_29 (64-bit)
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Chi-Yung\AppData\Local\Temp ====
2014-10-02 16:00:47    B6092CF25F702906630E8C2A83F964FE    4245472    ----a-w-    C:\Users\Chi-Yung\AppData\Local\Temp\optprosetup.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-15 07:32:17    F531610F0692F9E7FA1D8972185E45D8    504320    ----a-w-    C:\Windows\Sysnative\aepdu.dll
2014-10-15 07:32:17    EEF20CCCF38C8CF4749CC26702A00AFD    424448    ----a-w-    C:\Windows\Sysnative\aeinv.dll
2014-10-15 07:32:17    29FBAC5B01211B8DA91FFB6F2044AAE2    276480    ----a-w-    C:\Windows\Sysnative\generaltel.dll
2014-10-15 07:31:41    6A7A217A6514BE39E78A7BF58C06F712    3195392    ----a-w-    C:\Windows\Sysnative\win32k.sys
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2014-10-16 07:00:30    5D7289B7554F8AB88DC304990C1D2734    3160    ----a-w-    C:\Windows\Sysnative\Tasks\{71858446-697C-44AA-94FD-2A89AEE91FCC}
2014-10-15 07:03:16    305D1A640933812FA0B123169E35E40E    3374    ----a-w-    C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-26 15:31:19    --------    d-----w-    C:\Program Files\iPod
2014-09-26 15:31:18    --------    d-----w-    C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-10-04 19:45:59    --------    d-----w-    C:\PROGRA~2\WebbbInnG
2014-10-04 16:44:10    --------    d-----w-    C:\PROGRA~2\NextCoeup
2014-10-02 15:57:41    --------    d-----w-    C:\PROGRA~2\YYoutubeAdBlocke
2014-10-02 15:57:22    --------    d-----w-    C:\PROGRA~2\GooSave
2014-09-26 15:31:18    --------    d-----w-    C:\PROGRA~2\iTunes
======= C: =====
====== C:\Users\Chi-Yung\AppData\Roaming ======
2014-10-02 16:00:58    --------    d-----w-    C:\Users\Chi-Yung\AppData\Roaming\SkypEmoticons
2014-10-02 15:57:05    --------    d-----w-    C:\Users\TEMP\AppData\Local\Torch
2014-10-02 15:57:05    --------    d-----w-    C:\Users\TEMP\AppData\Local\Chromatic Browser
2014-10-02 15:57:05    --------    d-----w-    C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-02 15:57:05    --------    d-----w-    C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-02 15:57:05    --------    d-----w-    C:\Users\Guest\AppData\Local\Torch
2014-10-02 15:57:05    --------    d-----w-    C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-02 15:57:05    --------    d-----w-    C:\Users\Chi-Yung\AppData\Local\Torch
2014-10-02 15:57:05    --------    d-----w-    C:\Users\Chi-Yung\AppData\Local\Chromatic Browser
2014-10-02 15:57:05    --------    d-----w-    C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-02 15:57:04    --------    d-----w-    C:\Users\TEMP\AppData\Local\Google
2014-10-02 15:57:04    --------    d-----w-    C:\Users\TEMP\AppData\Local\Comodo
2014-10-02 15:57:04    --------    d-----w-    C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-02 15:57:04    --------    d-----w-    C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-02 15:57:04    --------    d-----w-    C:\Users\Guest\AppData\Local\Google
2014-10-02 15:57:04    --------    d-----w-    C:\Users\Guest\AppData\Local\Comodo
2014-10-02 15:57:04    --------    d-----w-    C:\Users\Chi-Yung\AppData\Local\Comodo
2014-10-02 15:57:04    --------    d-----w-    C:\Users\Administrator\AppData\Local\Torch
2014-10-02 15:57:04    --------    d-----w-    C:\Users\Administrator\AppData\Local\Google
2014-10-02 15:57:04    --------    d-----w-    C:\Users\Administrator\AppData\Local\Comodo
====== C:\Users\Chi-Yung ======
2014-10-15 07:27:52    --------    d-----w-    C:\ProgramData\Oracle
2014-10-15 07:22:14    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-04 19:46:00    --------    d-----w-    C:\ProgramData\WebbbInnG
2014-10-04 16:44:11    --------    d-----w-    C:\ProgramData\NextCoeup
2014-10-02 16:00:58    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
2014-10-02 15:57:42    --------    d-----w-    C:\ProgramData\YYoutubeAdBlocke
2014-10-02 15:57:24    --------    d-----w-    C:\ProgramData\GooSave
2014-10-02 15:57:06    075B0DA82E23780FA2DD7F2EA0464FD4    258    --sha-r-    C:\ProgramData\ntuser.pol
2014-10-02 15:57:06    --------    d-----w-    C:\ProgramData\4114cf7250697b23
2014-10-02 15:57:04    --------    d-----w-    C:\Users\HomeGroupUser$\AppData
2014-10-02 15:57:04    --------    d-----w-    C:\Users\Guest\AppData
2014-10-02 15:57:04    --------    d-----w-    C:\Users\Administrator\AppData
2014-09-26 15:31:57    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-26 15:31:18    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

====== C: exe-files ==
=== C: other files ==
2014-10-16 06:52:09    1A935DCD4DC0E4782828A0E8A6A29D93    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-2763017955-3505092474-3563680861-1001\$IURY8LM.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Chi-Yung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"CPN Notifier"="C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe"
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"se"="C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe  /minimized "

[HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume"
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"BingDesktop"="C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey"
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"L79N7prOOo.exe"="C:\Users\Chi-Yung\AppData\Local\zi98BttI\L79N7prOOo.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SearchProtection"="C:\ProgramData\Search Protection\_run.bat"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Chi-Yung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"CPN Notifier"="C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe"
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"se"="C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe  /minimized "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\browse~1\\sprote~1.dll c:\\progra~2\\contin~1\\sprote~1.dll c:\\progra~2\\websea~1\\sprote~1.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background"
"CDAServer"="C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2011-07-15 22:42:23    2029    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [24/09/2014 19:12]
C:\Windows\tasks\HPCeeScheduleForCHI-YUNG-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 05:43]
C:\Windows\tasks\HPCeeScheduleForChi-Yung.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Ad-Aware Antivirus Scheduled Scan" [C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe]
"C:\Windows\SysNative\tasks\Ad-Aware Update (Weekly)" [C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForChi-Yung" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForCHI-YUNG-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\{094D14AA-10FF-2443-DD19-8F5FE93CBA73}" [C:\Users\Chi-Yung\AppData\Roaming\.bittornado\icons\oezuwee.exe]
"C:\Windows\SysNative\tasks\{6791D4A7-47F6-492F-B076-3C1D244915B8}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/...ed;notincluded]
"C:\Windows\SysNative\tasks\{9ED1E62F-D907-40E6-A4BF-F4241980C110}" [C:\Users\Chi-Yung\Desktop\Microsoft Office Enterprise 2010 Corporate Final (full activated)\setup.exe]
"C:\Windows\SysNative\tasks\{C5032F4F-0C2C-4A3F-A0A0-009743E8DC09}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/...ed;notincluded]
"C:\Windows\SysNative\tasks\{F5EA79B6-03EE-44DF-9E3A-40EF62B19663}" [C:\Program Files (x86)\PacificPoker\bin\888poker.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{1DD9AC48-0855-4AE7-9934-159B4377FFA2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [24/07/2014 11:28]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default
- YYoutubeAdBlocke - %ProfilePath%\extensions\[email protected]
- Lavasoft Search Plugin - %ProfilePath%\extensions\[email protected]
- WebbbInnG - %ProfilePath%\extensions\[email protected]
- Ad-Aware Security Add-on - %ProfilePath%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default
DFC9460CC37E5C414DC4680B10C19E7A    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll -    Shockwave Flash
06C0E62DE26FBC4F174A91F4B70C45F7    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealPlayer Video Downloader for HTML5  (32-bit)
D1041C1505FEDBBA27529AB1B57450B8    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -    RealPlayer Video Downloader for PepperFlash  (32-bit)
D0D8A5784C6260EE1C1EA58A9576F652    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -    RealPlayer Video Downloader  (32-bit)
1E01C084190A98763D9466499FD04E79    - C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll -    NyxLauncher
555E65306A5D3A5978BE74E1DD62CDD9    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -    RealNetworks™ Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -    RealPlayer™ HTML5VideoShim Plug-In (32-bit)


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[10/06/2014 17:54]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[26/10/2011 13:10]

Love OClock - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Administrator\AppData\Local\Torch\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Administrator\AppData\Local\Torch\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Administrator\AppData\Local\Torch\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Chi-Yung\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Chi-Yung\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Chi-Yung\AppData\Local\Chromatic Browser\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Chi-Yung\AppData\Local\Chromatic Browser\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Chi-Yung\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Chi-Yung\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Chi-Yung\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Chi-Yung\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
BRooWsse22Save - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpnjccmhbhchejobcfckfibdlmcapbop
contiinUetoesavve - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlinelaoeaibnnhofifkajbbpkkgiio
GeoSavee - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
RealPlayer HTML5Video Downloader Extension - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
AVG Safe Search - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Browysee2saevve - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\klengfeddgncldgdjlnlhafmlohfjfge
Browse2sAvE - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\miigcgkjlodcihegdbcacladlcdbbceo
AVG Do Not Track - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
DivX Plus Web Player HTML5 \u003Cvideo\u003E - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Love OClock - Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Chi-Yung\AppData\Local\Torch\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Chi-Yung\AppData\Local\Torch\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Chi-Yung\AppData\Local\Torch\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Chi-Yung\AppData\Local\Torch\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - Guest\AppData\Local\Torch\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Guest\AppData\Local\Torch\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Guest\AppData\Local\Torch\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Guest\AppData\Local\Torch\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - TEMP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - TEMP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - TEMP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - TEMP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - TEMP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - TEMP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - TEMP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - TEMP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
Love OClock - TEMP\AppData\Local\Torch\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - TEMP\AppData\Local\Torch\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - TEMP\AppData\Local\Torch\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - TEMP\AppData\Local\Torch\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb

==== Chromium Startpages ======================

C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://websearch.loo...c=NL&unqvl=14",


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://istart.websse...341AS_9VS478FT"
"Default_Page_URL"="http://istart.websse...341AS_9VS478FT"
"Search Page"="http://istart.websse...={searchTerms}"
"Default_Search_URL"="http://istart.websse...={searchTerms}"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certif...E&st=chrome&q="
"Search Bar"="http://search.certif...E&st=chrome&q="
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certif...E&st=chrome&q="
"Search Bar"="http://search.certif...E&st=chrome&q="
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.websse...={searchTerms}"
"Default_Page_URL"="http://istart.websse...341AS_9VS478FT"
"Start Page"="http://istart.websse...341AS_9VS478FT"
"Search Page"="http://istart.websse...={searchTerms}"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.websse...={searchTerms}"
"Default_Page_URL"="http://istart.websse...341AS_9VS478FT"
"Start Page"="http://istart.websse...341AS_9VS478FT"
"Search Page"="http://istart.websse...={searchTerms}"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://newtab.certif...800998ECF8427E"
"newtab"="about:tabs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://newtab.certif...800998ECF8427E"
"newtab"="about:tabs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certif...E&st=chrome&q="
"Search Bar"="http://search.certif...E&st=chrome&q="
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certif...E&st=chrome&q="
"Search Bar"="http://search.certif...E&st=chrome&q="
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{D22C8C8B-CCCB-4E24-B6A1-F7DA17753EF1}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{107F1C64-AB93-41CA-8120-26A535629664} Tuvaro  Url="http://tuvaro.com/ws...={searchTerms}"
{2fa28606-de77-4029-af96-b231e3b8f827} Ask.com  Url="http://eu.ask.com/we...l=dis&o=HPDTDF"
{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} blekko  Url="http://safesearchr.l...={searchTerms}"
{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.c...r&d=2011-11-16"
{afdbddaa-5d3f-42ee-b79c-185a7020515b} Web Search Url="http://search.certif...={searchTerms}"
{b7fca997-d0fb-4fe0-8afd-255e89cf9671} Yahoo  Url="http://uk.search.yah...sg&type=HPDTDF"
{D22C8C8B-CCCB-4E24-B6A1-F7DA17753EF1} Google  Url="https://www.google.c...={searchTerms}"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia  Url="http://en.wikipedia....={searchTerms}"
{d944bb61-2e34-4dbf-a683-47e505c587dc} eBay  Url="http://rover.ebay.co...}&mfe=Desktops"
{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing  Url="http://www.bing.com/...c=IE-SearchBox"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 16/10/2014 at  9:15:47.37 ======================
 


  • 0

#6
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

Lots of work to do here...



Multiple Anti-Virus Software

I see that you're running more than one antivirus program at the same time.

  • Lavasoft Ad-Aware
  • AVG2014

This is a bad idea.
Using more than one AV will not give you any better protection, but may cause interference between them, slow your machine or even completely block your OS. You should choose only one to stay, and remove any others. Think carefully and stay with only one AV. It should be done before any other steps in malware removal are taken.

Please uninstall all but one using the tools you may find in the following link: Uninstallers (removal tools) for common Windows antivirus software.
 

 

Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    vToolbarUpdater18.1.9;s
    C:\Program Files (x86)\Common Files\AVG Secure Search;fs
    HitmanPro37CrusaderBoot;s
    C:\PROGRA~2\WebbbInnG;fs
    C:\PROGRA~2\NextCoeup;fs
    C:\PROGRA~2\YYoutubeAdBlocke;fs
    C:\PROGRA~2\GooSave;fs
    C:\Users\TEMP\AppData\Local\Torch;fs
    C:\Users\TEMP\AppData\Local\Chromatic Browser;fs
    C:\Users\HomeGroupUser$\AppData\Local\Torch;fs
    C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser;fs
    C:\Users\Guest\AppData\Local\Torch;fs
    C:\Users\Guest\AppData\Local\Chromatic Browser;fs
    C:\Users\Chi-Yung\AppData\Local\Torch;fs
    C:\Users\Chi-Yung\AppData\Local\Chromatic Browser;fs
    C:\Users\Administrator\AppData\Local\Chromatic Browser;fs
    C:\Users\TEMP\AppData\Local\Google;fs
    C:\Users\TEMP\AppData\Local\Comodo;fs
    C:\Users\HomeGroupUser$\AppData\Local\Google;fs
    C:\Users\HomeGroupUser$\AppData\Local\Comodo;fs
    C:\Users\Guest\AppData\Local\Google;fs
    C:\Users\Guest\AppData\Local\Comodo;fs
    C:\Users\Chi-Yung\AppData\Local\Comodo;fs
    C:\Users\Administrator\AppData\Local\Torch;fs
    C:\Users\Administrator\AppData\Local\Google;fs
    C:\Users\Administrator\AppData\Local\Comodo;fs
    C:\ProgramData\WebbbInnG;fs
    C:\ProgramData\NextCoeup;fs
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons;fs
    C:\ProgramData\YYoutubeAdBlocke;fs
    C:\ProgramData\GooSave;fs
    C:\ProgramData\4114cf7250697b23;fs
    C:\$RECYCLE.BIN\S-1-5-21-2763017955-3505092474-3563680861-1001\$IURY8LM.zip;f
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "vProt"=-;r
    "L79N7prOOo.exe"=-;r
    "SearchProtection"=-;r
    C:\ProgramData\Search Protection\_run.bat;f
    C:\Users\Chi-Yung\AppData\Local\zi98BttI\L79N7prOOo.exe;f
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
    "AppInit_DLLs"=-;r
    C:\Windows\SysNative\tasks\{094D14AA-10FF-2443-DD19-8F5FE93CBA73};f
    C:\Users\Chi-Yung\AppData\Roaming\.bittornado\icons\oezuwee.exe];f
    [email protected];ff
    [email protected];ff
    [email protected];ff
    ndibdjnfmopecpmkdieinmbadjfpblof;chr
    C:\ProgramData\AVG Secure Search;fs
    dbcnbegbcdfdlndabgemkabfhfllocma;chr
    ecgbcbolcenocpjhlbchhoamfcnlimom;chr
    goihjckibmbickocklaeocpdhclpkofp;chr
    icknbmmpdmononjaelmloaiienmjoknb;chr
    gpnjccmhbhchejobcfckfibdlmcapbop;chr
    hhlinelaoeaibnnhofifkajbbpkkgiio;chr
    klengfeddgncldgdjlnlhafmlohfjfge;chr
    miigcgkjlodcihegdbcacladlcdbbceo;chr
    {107F1C64-AB93-41CA-8120-26A535629664};c
    {2fa28606-de77-4029-af96-b231e3b8f827};c
    {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E};c
    {95B7759C-8C7F-4BF1-B163-73684A933233};c
    {afdbddaa-5d3f-42ee-b79c-185a7020515b};c
    autoclean;
    
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 0

#7
Noobs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Zoek.exe v5.0.0.0 Updated 16-10-2014
Tool run by Chi-Yung on 16/10/2014 at 10:42:17.05.
Microsoft Windows 7 Home Premium  6.1.7600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Chi-Yung\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-10-16-071547.log    58174 bytes

==== System Restore Info ======================

16/10/2014 10:46:46 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{107F1C64-AB93-41CA-8120-26A535629664} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HitmanPro37CrusaderBoot deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HitmanPro37CrusaderBoot deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\HitmanPro37CrusaderBoot deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HitmanPro37CrusaderBoot deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default

user.js not found
---- Lines [email protected] removed from prefs.js ----
user_pref("extensions.bootstrappedAddons", "{\"[email protected]\":{\"version\":\"0.6\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\
---- Lines [email protected] modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"[email protected]\":{\"descriptor\":\"C:\\\\Program Files (x86)\
---- Lines [email protected] removed from prefs.js ----
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"private
---- Lines [email protected] modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"[email protected]\":{\"descriptor\":\"C:\\\\Program Files (x86)\
---- Lines [email protected] modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"[email protected]\":{\"descriptor\":\"C:\\\\Program Files (x86)\
---- Lines Softonic removed from prefs.js ----
user_pref("extensions.Softonic.aflt", "orgnl");
user_pref("extensions.Softonic.cntry", "NL");
user_pref("extensions.Softonic.cv", "cv5");
user_pref("extensions.Softonic.dfltlng", "en");
user_pref("extensions.Softonic.dfltsrch", "false");
user_pref("extensions.Softonic.envrmnt", "production");
user_pref("extensions.Softonic.hdrMd5", "");
user_pref("extensions.Softonic.hmpg", false);
user_pref("extensions.Softonic.hrdid", "0");
user_pref("extensions.Softonic.id", "");
user_pref("extensions.Softonic.instlday", "");
user_pref("extensions.Softonic.instlref", "");
user_pref("extensions.Softonic.isdcmntcmplt", "false");
user_pref("extensions.Softonic.keywordurl", "");
user_pref("extensions.Softonic.lastVrsnTs", "");
user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
user_pref("extensions.Softonic.monitorreport", true);
user_pref("extensions.Softonic.newtab", "false");
user_pref("extensions.Softonic.newTab", false);
user_pref("extensions.Softonic.newtaburl", "");
user_pref("extensions.Softonic.prdct", "softonic");
user_pref("extensions.Softonic.prtnrid", "");
user_pref("extensions.Softonic.savedVrsnTs", "1");
user_pref("extensions.Softonic.sg", "tz");
user_pref("extensions.Softonic.smplgrp", "free");
user_pref("extensions.Softonic.smplGrp", "free");
user_pref("extensions.Softonic.srch", "");
user_pref("extensions.Softonic.srchprvdr", "");
user_pref("extensions.Softonic.tlbrid", "base");
user_pref("extensions.Softonic.tlbrsrchurl", "");
user_pref("extensions.Softonic.vrsn", "");
user_pref("extensions.Softonic.vrsni", "");
user_pref("extensions.Softonic.vrsnts", "");
---- Lines delta removed from prefs.js ----
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "66032522000000000000d0df9a466c2b");
user_pref("extensions.delta.instlDay", "15830");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.16.16");
user_pref("extensions.delta.vrsni", "1.8.16.16");
user_pref("extensions.delta.vrsnTs", "1.8.16.1614:21:32");
---- Lines tuvaro removed from prefs.js ----
user_pref("extensions.tuvaro.dnsErr", true);
user_pref("extensions.tuvaro.kw_url", "http://tuvaro.com/ws...f9a466c2b&q=");
user_pref("extensions.tuvaro.newTab", true);
user_pref("extensions.tuvaro.newTabUrl", "chrome://tuvaro/content/new browser tab.html?source=99ec39d5&tbp=tab&u=66032522000000000000d0df9a466c2b");
---- Lines Search  modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"[email protected]\":{\"descriptor\":\"C:\\\\Program Files (x86)\
---- Lines WebSearch removed from prefs.js ----
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "http://websearch.loo...vl=14&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
---- Lines certified-toolbar removed from prefs.js ----
user_pref("browser.newtab.url", "http://search.certif...644-13680076254
---- Lines webssearch removed from prefs.js ----
user_pref("browser.search.defaultenginename", "webssearches");
user_pref("browser.search.selectedEngine", "webssearches");
---- Lines babylon removed from prefs.js ----
user_pref("extensions.5163d5217b609.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.in
user_pref("extensions.5165384998b2c.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.in
user_pref("extensions.516548933a6ca.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.in
user_pref("extensions.519b519783dc7.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.in
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
---- Lines Web Search removed from prefs.js ----
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
---- Lines searches removed from prefs.js ----
user_pref("HomeTab_3644.global.DisplayRecentSearches", "true");
---- Lines Sweet removed from prefs.js ----
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
---- Lines extensions.5163d5217b609 removed from prefs.js ----
user_pref("extensions.5163d5217b609.epoch", "1369903706");
user_pref("extensions.5163d5217b609.url", "http://jpi-syncer.in...ind=3657915009
---- Lines extensions.5165384998b2c removed from prefs.js ----
user_pref("extensions.5165384998b2c.epoch", "1369903706");
user_pref("extensions.5165384998b2c.url", "http://proxy5-jpi.in...ind=1207076388
---- Lines extensions.516548933a6ca removed from prefs.js ----
user_pref("extensions.516548933a6ca.epoch", "1369903706");
user_pref("extensions.516548933a6ca.url", "http://getfetch.info...d=4008820882
---- Lines extensions.519b519783dc7 removed from prefs.js ----
user_pref("extensions.519b519783dc7.epoch", "1369903706");
user_pref("extensions.519b519783dc7.url", "http://syncjpi.info/...=735043137&ssd=
---- Lines extensions.OW5Fs6l3emqlfuqR removed from prefs.js ----
user_pref("extensions.OW5Fs6l3emqlfuqR.epoch", "1413468403");
user_pref("extensions.OW5Fs6l3emqlfuqR.url", "http://veterances.co...hIC7n0rjnFrda9r
---- Lines extensions.fN5VWBnsQvZdlQOf removed from prefs.js ----
user_pref("extensions.fN5VWBnsQvZdlQOf.epoch", "1413468403");
user_pref("extensions.fN5VWBnsQvZdlQOf.url", "http://toolkitjob.in...6tMFHhd9FqdwErd
---- Lines extensions.jGejGAzMG7TCyhDZ removed from prefs.js ----
user_pref("extensions.jGejGAzMG7TCyhDZ.epoch", "1412701637");
user_pref("extensions.jGejGAzMG7TCyhDZ.url", "http://webdownlload....ShIC7n0rjnFrda9
---- Lines extensions.jn43Mu6QEnoWpjna removed from prefs.js ----
user_pref("extensions.jn43Mu6QEnoWpjna.epoch", "1412519543");
user_pref("extensions.jn43Mu6QEnoWpjna.url", "http://joburned.net/...rGhIC7n0rjnFrda
---- FireFox user.js and prefs.js backups ----

prefs_102014_1058_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
"L79N7prOOo.exe"=-
"SearchProtection"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

"C:\ProgramData\Search Protection\_run.bat" not found
"C:\Users\Chi-Yung\AppData\Local\zi98BttI\L79N7prOOo.exe" not found
"C:\Users\Chi-Yung\AppData\Roaming\.bittornado\icons\oezuwee.exe]" not found
C:\PROGRA~2\WebbbInnG deleted
C:\PROGRA~2\NextCoeup deleted
C:\PROGRA~2\YYoutubeAdBlocke deleted
C:\PROGRA~2\GooSave deleted
C:\Users\TEMP\AppData\Local\Torch deleted
C:\Users\TEMP\AppData\Local\Chromatic Browser deleted
C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted
C:\Users\Guest\AppData\Local\Torch deleted
C:\Users\Guest\AppData\Local\Chromatic Browser deleted
C:\Users\Chi-Yung\AppData\Local\Torch deleted
C:\Users\Chi-Yung\AppData\Local\Chromatic Browser deleted
C:\Users\Administrator\AppData\Local\Chromatic Browser deleted
C:\Users\TEMP\AppData\Local\Google deleted
C:\Users\TEMP\AppData\Local\Comodo deleted
C:\Users\HomeGroupUser$\AppData\Local\Google deleted
C:\Users\HomeGroupUser$\AppData\Local\Comodo deleted
C:\Users\Guest\AppData\Local\Comodo deleted
C:\Users\Chi-Yung\AppData\Local\Comodo deleted
C:\Users\Administrator\AppData\Local\Torch deleted
C:\Users\Administrator\AppData\Local\Google deleted
C:\Users\Administrator\AppData\Local\Comodo deleted
C:\ProgramData\WebbbInnG deleted
C:\ProgramData\NextCoeup deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons deleted
C:\ProgramData\YYoutubeAdBlocke deleted
C:\ProgramData\GooSave deleted
C:\ProgramData\4114cf7250697b23 deleted
C:\ProgramData\AVG Secure Search deleted
C:\PROGRA~3\SoftSafe deleted
C:\PROGRA~3\StarApp deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\PROGRA~2\Softonic deleted
C:\PROGRA~2\BrowseToSave deleted
C:\PROGRA~2\ContinueToSave deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\Browser Updater deleted
C:\PROGRA~2\Protected Search deleted
C:\PROGRA~2\Conduit deleted
C:\user.js deleted
C:\Users\Chi-Yung\AppData\Roaming\SkypEmoticons deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\BRooWsse22Save deleted
C:\PROGRA~3\Browysee2saevve deleted
C:\PROGRA~3\contiinUetoesavve deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Babylon deleted
C:\Users\Chi-Yung\AppData\Local\CRE deleted
C:\Users\Chi-Yung\AppData\Local\AVG Secure Search deleted
C:\Users\Chi-Yung\AppData\Local\adawarebp deleted
C:\Users\Chi-Yung\AppData\Local\Conduit deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BRooWsse22Save deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\contiinUetoesavve deleted
C:\Users\Chi-Yung\Downloads\SideKickSetup.exe deleted
C:\Users\Chi-Yung\AppData\LocalLow\tuvaro deleted
C:\Users\Chi-Yung\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Chi-Yung\AppData\LocalLow\boost_interprocess deleted
C:\Users\Chi-Yung\AppData\LocalLow\Softonic deleted
C:\Users\Chi-Yung\AppData\LocalLow\SimplyTech deleted
C:\Users\Chi-Yung\AppData\LocalLow\Conduit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\uTorrentControl2 deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Conduit deleted
C:\Windows\Launcher.exe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default\Invalidprefs.js deleted
C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default\jetpack deleted
C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default\CT3072253 deleted
C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default\extensions\[email protected] deleted
C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default\extensions\[email protected] deleted
C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default\extensions\[email protected] deleted
"C:\$RECYCLE.BIN\S-1-5-21-2763017955-3505092474-3563680861-1001\$IURY8LM.zip" deleted
"C:\Windows\SysNative\tasks\{094D14AA-10FF-2443-DD19-8F5FE93CBA73}" deleted
"C:\Users\Chi-Yung\AppData\Local\452r2Fpvi4" deleted
"C:\Users\Chi-Yung\AppData\Local\EYTXvfZlNTz" deleted
"C:\Users\Chi-Yung\AppData\Local\g1d5BJJC" deleted
"C:\Users\Chi-Yung\AppData\Local\nGhwh5W0nFl" deleted
"C:\Users\Chi-Yung\AppData\Local\rkXrvbcdW" deleted
"C:\ProgramData\KBkP5GNEXt" deleted
"C:\ProgramData\R3yHJ5gFG" deleted
"C:\ProgramData\V7g60dLiLS0" deleted
"C:\ProgramData\v9fXHFWhD" deleted
"C:\ProgramData\zxIkGKovO" deleted
"C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.1.9\avgdttbx.dll" deleted
"C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\SiteSafety.dll" deleted
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.1.9\avgdttbx.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.9\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll" deleted
"C:\Program Files (x86)\Common Files\AVG Secure Search" deleted
"C:\Users\Guest\AppData\Local\Google" deleted
"C:\PROGRA~2\AVG Secure Search" not deleted
"C:\PROGRA~2\AVG Secure Search" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller" deleted
"C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater" deleted
"C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.1.9" deleted
"C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9" deleted
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.1.9" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.9" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.9" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{1DD9AC48-0855-4AE7-9934-159B4377FFA2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [24/07/2014 11:28]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default
DFC9460CC37E5C414DC4680B10C19E7A    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll -    Shockwave Flash
06C0E62DE26FBC4F174A91F4B70C45F7    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealPlayer Video Downloader for HTML5  (32-bit)
D1041C1505FEDBBA27529AB1B57450B8    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -    RealPlayer Video Downloader for PepperFlash  (32-bit)
D0D8A5784C6260EE1C1EA58A9576F652    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -    RealPlayer Video Downloader  (32-bit)
1E01C084190A98763D9466499FD04E79    - C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll -    NyxLauncher
555E65306A5D3A5978BE74E1DD62CDD9    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -    RealNetworks™ Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -    RealPlayer™ HTML5VideoShim Plug-In (32-bit)


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[10/06/2014 17:54]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[26/10/2011 13:10]

Love OClock - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
BRooWsse22Save - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpnjccmhbhchejobcfckfibdlmcapbop
contiinUetoesavve - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlinelaoeaibnnhofifkajbbpkkgiio
GeoSavee - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb
RealPlayer HTML5Video Downloader Extension - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
AVG Safe Search - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Browysee2saevve - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\klengfeddgncldgdjlnlhafmlohfjfge
Browse2sAvE - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\miigcgkjlodcihegdbcacladlcdbbceo
AVG Do Not Track - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
DivX Plus Web Player HTML5 \u003Cvideo\u003E - Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Love OClock - Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma
NextCoeup - Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom
WebbbInnG - Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp
GeoSavee - Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb

==== Chromium Startpages ======================

C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://websearch.loo...c=NL&unqvl=14",


==== Chromium Fix ======================

C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbcnbegbcdfdlndabgemkabfhfllocma deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ecgbcbolcenocpjhlbchhoamfcnlimom deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\goihjckibmbickocklaeocpdhclpkofp deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\icknbmmpdmononjaelmloaiienmjoknb deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpnjccmhbhchejobcfckfibdlmcapbop deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlinelaoeaibnnhofifkajbbpkkgiio deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\klengfeddgncldgdjlnlhafmlohfjfge deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\miigcgkjlodcihegdbcacladlcdbbceo deleted successfully
C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://istart.websse...341AS_9VS478FT"
"Default_Page_URL"="http://istart.websse...341AS_9VS478FT"
"Search Page"="http://istart.websse...={searchTerms}"
"Default_Search_URL"="http://istart.websse...={searchTerms}"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certif...E&st=chrome&q="
"Search Bar"="http://search.certif...E&st=chrome&q="
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certif...E&st=chrome&q="
"Search Bar"="http://search.certif...E&st=chrome&q="
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.websse...={searchTerms}"
"Default_Page_URL"="http://istart.websse...341AS_9VS478FT"
"Start Page"="http://istart.websse...341AS_9VS478FT"
"Search Page"="http://istart.websse...={searchTerms}"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.websse...={searchTerms}"
"Default_Page_URL"="http://istart.websse...341AS_9VS478FT"
"Start Page"="http://istart.websse...341AS_9VS478FT"
"Search Page"="http://istart.websse...={searchTerms}"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certif...8ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certif...E&st=chrome&q="
"Search Bar"="http://search.certif...E&st=chrome&q="
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certif...E&st=chrome&q="
"Search Bar"="http://search.certif...E&st=chrome&q="
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://search.certif...E&st=chrome&q="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://search.certif...E&st=chrome&q="

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{D22C8C8B-CCCB-4E24-B6A1-F7DA17753EF1}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{D22C8C8B-CCCB-4E24-B6A1-F7DA17753EF1} Google  Url="https://www.google.c...={searchTerms}"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia  Url="http://en.wikipedia....={searchTerms}"
{d944bb61-2e34-4dbf-a683-47e505c587dc} eBay  Url="http://rover.ebay.co...}&mfe=Desktops"
{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing  Url="http://www.bing.com/...c=IE-SearchBox"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A477177-B12F-8E3A-405C-9D07982CB454} deleted successfully
HKEY_USERS\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6A477177-B12F-8E3A-405C-9D07982CB454} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6A477177-B12F-8E3A-405C-9D07982CB454} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A477177-B12F-8E3A-405C-9D07982CB454} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\[email protected] deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Chi-Yung\Desktop\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe
C:\Users\Chi-Yung\Desktop\Cake Poker 2.0.lnk - C:\Program Files (x86)\Cake Poker 2.0\CakePoker.exe
C:\Users\Chi-Yung\Desktop\DivX Movies.lnk - C:\Users\Chi-Yung\Videos\DivX Movies
C:\Users\Chi-Yung\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Chi-Yung\Desktop\join.me.lnk - C:\Users\Chi-Yung\AppData\Local\join.me\join.me.exe
C:\Users\Chi-Yung\Desktop\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
C:\Users\Chi-Yung\Desktop\Plus500.lnk - C:\Program Files (x86)\Plus500\Plus500.exe
C:\Users\Chi-Yung\Desktop\PokerStars.fr.lnk - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
C:\Users\Chi-Yung\Desktop\PokerTracker 3.lnk - C:\Program Files (x86)\PokerTracker 3\PokerTracker.exe
C:\Users\Chi-Yung\Desktop\PokerTracker 4.lnk - C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
C:\Users\Chi-Yung\Desktop\Spotify.lnk - C:\Users\Chi-Yung\AppData\Roaming\Spotify\spotify.exe
C:\Users\Chi-Yung\Desktop\YGOPro DevPro Launcher.lnk - C:\Users\Chi-Yung\AppData\Roaming\YGOPro DevPro\DevPro.exe
C:\Users\Chi-Yung\Desktop\YGOPro.lnk - C:\Program Files (x86)\YGOPro\ygopro_vs.exe
C:\Users\Chi-Yung\Desktop\µTorrent.lnk -  
C:\Users\postgres\Desktop\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe
C:\Users\postgres\Desktop\Plus500.lnk - C:\Program Files (x86)\Plus500\Plus500.exe
C:\Users\postgres\Desktop\PokerTracker 3.lnk - C:\Program Files (x86)\PokerTracker 3\PokerTracker.exe
C:\Users\postgres\Desktop\PokerTracker 4.lnk - C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
C:\Users\postgres\Desktop\YGOPro.lnk - C:\Program Files (x86)\YGOPro\ygopro_vs.exe
C:\Users\TEMP\Desktop\PokerTracker 4.lnk - C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\DivX Plus Converter.lnk - C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe SW_SHOWNORMAL
C:\Users\Public\Desktop\DivX Plus Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe
C:\Users\Public\Desktop\eBay.nl.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://redirect.hp.c...nl&bd=all&c=104
C:\Users\Public\Desktop\Full Tilt Poker.lnk - C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe
C:\Users\Public\Desktop\Gala Casino Poker.lnk - C:\Poker\Gala Casino Poker\casino.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Magic Desktop.lnk - C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Play HP Games.lnk - C:\Program Files (x86)\HP Games\onplay\onplay.exe "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src desktopoem
C:\Users\Public\Desktop\Poker 770.lnk - C:\Poker\Poker 770\casino.exe
C:\Users\Public\Desktop\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Titan Poker.lnk - C:\Poker\Titan Poker\casino.exe
C:\Users\Public\Desktop\Trader Workstation 4.0.LNK - C:\Windows\System32\javaw.exe -cp jts.jar;total.2012.jar -Dsun.java2d.noddraw=true -Dswing.boldMetal=false -Dsun.locale.formatasdefault=true -Xmx1024M -XX:MaxPermSize=256M jclient/LoginFrame C:\PROGRA~3\Jts
C:\Users\Public\Desktop\Unibet Poker.lnk - C:\Program Files (x86)\Unibet Poker\Unibet Poker.exe
C:\Users\Public\Desktop\Unibet.lnk - C:\Microgaming\Poker\unibetpokerMPP\MPPoker.exe
C:\Users\Public\Desktop\William Hill Poker.lnk - C:\Poker\William Hill Poker\casino.exe
C:\Users\Public\Desktop\µTorrent.lnk -  

==== shortcuts in Users Start Menu ======================

C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.websse...0341AS_9VS478FT
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.websse...0341AS_9VS478FT

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://istart.websse...0341AS_9VS478FT
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre6\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre6\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre6\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  

==== shortcuts in Quick Launch ======================

C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.websse...0341AS_9VS478FT
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk - C:\Poker\Titan Poker\casino.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Unibet.lnk - C:\Microgaming\Poker\unibetpokerMPP\MPPoker.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\25bb2cdfb96af2d6\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f966724577ef19eb\PokerStars.EU.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\eBay.nl.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{22424C5C-3A2B-4718-A5F3-7209F9A16EAA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{198B75C1-CDA2-873B-8EDC-29A4574B5847} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Chi-Yung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Chi-Yung\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Chi-Yung\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Chi-Yung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6413 folders=1038 692905737 bytes)

==== Empty Temp Folders ======================

C:\Users\Chi-Yung\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Chi-Yung\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Chi-Yung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\PROGRA~2\AVG Secure Search"  not found
"C:\PROGRA~2\AVG Secure Search"  not found

==== EOF on 16/10/2014 at 11:12:04.83 ======================
 



#8
Noobs

    Member

  • Topic Starter
  • 37 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Chi-Yung (administrator) on CHI-YUNG-HP on 16-10-2014 11:14:44
Running from C:\Users\Chi-Yung\Downloads
Loaded Profile: Chi-Yung (Available profiles: Chi-Yung & postgres)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Spotify Ltd) C:\Users\Chi-Yung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [437248 2010-11-26] ()
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Run: [Spotify Web Helper] => C:\Users\Chi-Yung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-11-26] (Spotify Ltd)
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Run: [CPN Notifier] => C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Run: [se] => C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe  /minimized
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://search.certif...q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKLM-x32 - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://search.certif...q={searchTerms}
SearchScopes: HKCU - DefaultScope {D22C8C8B-CCCB-4E24-B6A1-F7DA17753EF1} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {D22C8C8B-CCCB-4E24-B6A1-F7DA17753EF1} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-07-16] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.44.54

FireFox:
========
FF ProfilePath: C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default
FF DefaultSearchEngineuser_pref("browser.search.defaultenginenameS", "");: user_pref("browser.search.defaultenginenameS", "");
FF SearchEngineOrder.user_pref("browser.search.order.1S", "");: user_pref("browser.search.order.1S", "");
FF SelectedSearchEngineuser_pref("browser.search.selectedEngineS", "");: user_pref("browser.search.selectedEngineS", "");
FF Homepage: hxxp://www.google.nl/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll ( )
FF Plugin-x32: @winzip.com/Winzip Courier -> C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-07-16]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-07-16]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-07-16]
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt [2011-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-11-30]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (WinZip Courier) - C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Chi-Yung\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AVG Safe Search) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-08-05]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-05]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-10-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2009-12-10] (PostgreSQL Global Development Group) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-28] (GFI Software)
S3 rak; C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [81880 2013-12-04] () [File not signed]
S3 rkion; C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakon64.sys [86352 2013-12-13] ()
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 11:14 - 2014-10-16 11:17 - 00026649 _____ () C:\Users\Chi-Yung\Downloads\FRST.txt
2014-10-16 11:14 - 2014-10-16 11:14 - 00000000 ____D () C:\FRST
2014-10-16 11:13 - 2014-10-16 11:14 - 02111488 _____ (Farbar) C:\Users\Chi-Yung\Downloads\FRST64.exe
2014-10-16 11:07 - 2014-10-16 10:42 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-16 10:46 - 2014-10-16 09:15 - 00058174 _____ () C:\zoek-results2014-10-16-071547.log
2014-10-16 10:44 - 2014-09-15 09:06 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-16 10:41 - 2014-10-16 10:41 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\zoek
2014-10-16 09:05 - 2014-10-16 11:12 - 00054777 _____ () C:\zoek-results.log
2014-10-16 09:01 - 2014-10-16 09:01 - 04114148 _____ () C:\Users\Chi-Yung\Downloads\zoek.zip
2014-10-16 09:00 - 2014-10-16 09:00 - 00003160 _____ () C:\Windows\System32\Tasks\{71858446-697C-44AA-94FD-2A89AEE91FCC}
2014-10-15 17:50 - 2014-10-15 19:07 - 350890191 _____ () C:\Users\Chi-Yung\Downloads\ABS-27.mp4
2014-10-15 14:28 - 2014-10-16 11:03 - 00000000 ____D () C:\zoek_backup
2014-10-15 09:32 - 2014-10-10 03:53 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 09:32 - 2014-10-10 03:53 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 09:32 - 2014-10-10 03:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 09:31 - 2014-09-15 02:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 09:27 - 2014-10-15 09:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 09:23 - 2014-10-15 09:34 - 1055962506 _____ () C:\Users\Chi-Yung\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S02E04.720p.HDTV.x264-KILLERS.mkv
2014-10-15 09:22 - 2014-10-15 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 09:22 - 2014-10-15 09:22 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-15 09:12 - 2014-10-15 09:29 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\The.Big.Bang.Theory.S08E04.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-15 09:12 - 2014-10-15 09:16 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\The.Big.Bang.Theory.S08E05.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-15 09:12 - 2014-10-15 09:14 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\The.Big.Bang.Theory.S08E03.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-15 09:11 - 2014-10-15 09:12 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\The.Big.Bang.Theory.S08E02.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-15 09:11 - 2014-10-15 09:12 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\The.Big.Bang.Theory.S08E01.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-15 09:03 - 2014-10-16 11:13 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001
2014-10-15 09:03 - 2014-10-16 11:13 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001
2014-10-14 18:03 - 2014-10-14 18:14 - 288237446 _____ () C:\Users\Chi-Yung\Downloads\TAD-TVBN-07.rmvb
2014-10-14 16:47 - 2014-10-14 16:58 - 299398444 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-26.rmvb
2014-10-14 09:12 - 2014-10-14 09:12 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S02E03.PROPER.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-14 09:11 - 2014-10-14 09:12 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S02E02.720p.HDTV.x264-KILLERS[rarbg]
2014-10-14 09:10 - 2014-10-14 09:26 - 1047120310 _____ () C:\Users\Chi-Yung\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S02E01.720p.HDTV.x264-KILLERS.mkv
2014-10-14 09:10 - 2014-10-14 09:10 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\Sons
2014-10-14 09:09 - 2014-10-14 09:09 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\MAOS
2014-10-14 09:05 - 2014-10-14 09:23 - 966273674 _____ () C:\Users\Chi-Yung\Downloads\Once.Upon.a.Time.S04E03.720p.HDTV.X264-DIMENSION.mkv
2014-10-14 09:03 - 2014-10-14 09:12 - 584690913 _____ () C:\Users\Chi-Yung\Downloads\[HorribleSubs] Fairy Tail S2 - 28 [1080p].mkv
2014-10-13 17:52 - 2014-10-13 18:59 - 301295713 _____ () C:\Users\Chi-Yung\Downloads\ATBS-25-TVBN.rmvb
2014-10-13 17:52 - 2014-10-13 18:03 - 292653422 _____ () C:\Users\Chi-Yung\Downloads\TAD-06-TVBN.rmvb
2014-10-10 16:44 - 2014-10-10 17:58 - 339444659 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-24.rmvb
2014-10-10 16:44 - 2014-10-10 16:49 - 205707166 _____ () C:\Users\Chi-Yung\Downloads\TAD-DVD-05.rmvb
2014-10-09 18:17 - 2014-10-09 18:25 - 285746126 _____ () C:\Users\Chi-Yung\Downloads\TAD-TVBN-04.rmvb
2014-10-09 16:50 - 2014-10-09 16:58 - 290590041 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-23.rmvb
2014-10-09 11:03 - 2014-10-09 11:07 - 952318302 _____ () C:\Users\Chi-Yung\Downloads\Once.Upon.a.Time.S04E02.720p.HDTV.X264-DIMENSION.mkv
2014-10-08 17:37 - 2014-10-08 18:40 - 289496410 _____ () C:\Users\Chi-Yung\Downloads\TAD-TVBN-03.rmvb
2014-10-06 23:04 - 2014-10-07 08:46 - 00008717 _____ () C:\Users\Chi-Yung\Documents\yu gi oh burn.xlsx
2014-10-03 17:35 - 2014-10-03 18:25 - 230333994 _____ () C:\Users\Chi-Yung\Downloads\LW-DVD-31.rmvb
2014-10-03 17:34 - 2014-10-03 17:40 - 207619629 _____ () C:\Users\Chi-Yung\Downloads\LW-DVD-30.rmvb
2014-10-02 18:01 - 2014-10-02 18:10 - 290825166 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-29.rmvb
2014-10-02 17:57 - 2014-10-04 21:45 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-02 17:57 - 2014-10-02 17:57 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-02 17:57 - 2014-10-02 17:57 - 00000000 ____D () C:\Users\Guest
2014-10-02 17:57 - 2014-10-02 17:57 - 00000000 ____D () C:\Users\Administrator
2014-10-02 17:19 - 2014-10-02 19:08 - 312058811 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-19.rmvb
2014-10-01 17:37 - 2014-10-01 18:55 - 352941434 _____ () C:\Users\Chi-Yung\Downloads\ABS-18.mp4
2014-10-01 17:36 - 2014-10-01 17:45 - 358507591 _____ () C:\Users\Chi-Yung\Downloads\LW-28.mp4
2014-09-29 18:20 - 2014-09-29 18:34 - 277492273 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-26.rmvb
2014-09-29 17:34 - 2014-09-29 18:47 - 293027543 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-16.rmvb
2014-09-29 17:09 - 2014-09-29 17:11 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\Once Upon a Time S04E01 HDTV x264-LOL[ettv]
2014-09-27 13:24 - 2014-09-27 13:25 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\22.Jump.Street.2014.HDRip.XviD-SaM[ETRG]
2014-09-26 17:31 - 2014-09-26 17:31 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Program Files\iTunes
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Program Files\iPod
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-26 16:57 - 2014-09-26 17:36 - 177744805 _____ () C:\Users\Chi-Yung\Downloads\LW-DVD-25.rmvb
2014-09-26 16:57 - 2014-09-26 17:05 - 280428714 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-15.rmvb
2014-09-25 18:29 - 2014-09-25 20:42 - 607305814 _____ () C:\Users\Chi-Yung\Downloads\ABS-14.mp4
2014-09-25 18:14 - 2014-09-25 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 18:04 - 2014-09-25 18:24 - 563063431 _____ () C:\Users\Chi-Yung\Downloads\LW-24.mp4
2014-09-24 18:54 - 2014-09-24 19:56 - 283684674 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-13.rmvb
2014-09-24 18:53 - 2014-09-24 19:01 - 286026534 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-23.rmvb
2014-09-23 18:56 - 2014-10-02 22:00 - 00056993 _____ () C:\Users\Chi-Yung\Documents\Bestelling Kevin.xlsx
2014-09-23 18:55 - 2014-10-02 22:00 - 00056061 _____ () C:\Users\Chi-Yung\Documents\Lijst Kevin.xlsx
2014-09-23 18:03 - 2014-09-23 18:13 - 278680702 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-22.rmvb
2014-09-23 16:55 - 2014-09-23 17:06 - 284403191 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-12.rmvb
2014-09-22 17:47 - 2014-09-22 18:49 - 283360964 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-21.rmvb
2014-09-22 17:30 - 2014-09-22 17:39 - 291222100 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-11.rmvb
2014-09-19 17:31 - 2014-09-19 18:34 - 286830750 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-10.rmvb
2014-09-19 17:31 - 2014-09-19 17:39 - 297464931 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-20.rmvb
2014-09-18 17:10 - 2014-09-18 17:18 - 282975327 _____ () C:\Users\Chi-Yung\Downloads\SOL-TVBN-08.rmvb
2014-09-18 11:42 - 2014-09-18 11:50 - 284123986 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-08.rmvb
2014-09-18 11:41 - 2014-09-18 12:44 - 289009671 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-18.rmvb

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 11:16 - 2011-07-16 00:30 - 02006448 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 11:13 - 2012-01-24 17:54 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Roaming\Skype
2014-10-16 11:12 - 2012-03-30 09:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-16 11:08 - 2011-11-17 00:00 - 00799526 _____ () C:\Windows\PFRO.log
2014-10-16 11:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 11:08 - 2009-07-14 06:51 - 00161680 _____ () C:\Windows\setupact.log
2014-10-16 11:04 - 2011-11-16 17:17 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-16 11:04 - 2011-11-16 15:12 - 00001888 _____ () C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-16 11:04 - 2011-11-16 15:07 - 00002062 _____ () C:\Users\Public\Desktop\eBay.nl.lnk
2014-10-16 09:50 - 2011-11-16 18:02 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Roaming\vlc
2014-10-16 09:30 - 2011-11-17 21:47 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForChi-Yung
2014-10-16 09:30 - 2011-11-17 21:47 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForChi-Yung.job
2014-10-16 09:00 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 09:00 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 08:52 - 2011-11-16 15:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-15 16:04 - 2009-07-14 06:45 - 00420504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 16:03 - 2014-07-10 13:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 16:01 - 2013-08-14 21:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:01 - 2011-11-16 18:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 15:54 - 2011-11-23 22:34 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 10:34 - 2014-07-07 09:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 09:34 - 2012-02-13 11:57 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Roaming\uTorrent
2014-10-15 09:22 - 2013-03-06 22:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-14 17:28 - 2014-02-09 15:16 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Roaming\YGOPro DevPro
2014-10-14 17:10 - 2008-10-10 09:23 - 00397824 _____ () C:\Users\Chi-Yung\Documents\Adm_CYLee.xls
2014-10-14 16:55 - 2012-12-27 11:15 - 00000000 ____D () C:\Program Files (x86)\PokerTracker 4
2014-10-14 16:55 - 2011-11-16 15:40 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Local\PokerStars.EU
2014-10-14 10:03 - 2011-11-21 18:21 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\Anime
2014-10-13 18:42 - 2011-07-16 00:42 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-11 22:30 - 2011-11-16 17:48 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-10-09 15:12 - 2011-12-09 00:08 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-09 15:12 - 2011-11-17 21:37 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-05 20:13 - 2011-11-16 16:37 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Local\CrashDumps
2014-10-04 21:46 - 2013-09-26 09:13 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-02 18:14 - 2011-11-16 17:17 - 00001140 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-02 18:13 - 2011-11-16 15:12 - 00001415 _____ () C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-02 17:57 - 2012-05-05 16:03 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Local\Google
2014-10-02 17:57 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-02 17:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-27 09:59 - 2012-05-12 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 19:12 - 2012-03-30 09:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:12 - 2012-03-30 09:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 19:12 - 2011-11-17 14:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 18:01 - 2012-03-01 11:21 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\A Very Harold And Kumar Christmas DVDRip XviD-DiAMOND
2014-09-17 09:44 - 2012-02-15 09:54 - 00003224 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCHI-YUNG-HP$
2014-09-17 09:44 - 2012-02-15 09:54 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForCHI-YUNG-HP$.job

Files to move or delete:
====================
C:\Users\Chi-Yung\jagex_cl_oldschool_LIVE.dat
C:\Users\Chi-Yung\jagex_cl_runescape_LIVE.dat
C:\Users\Chi-Yung\random.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-09 11:58

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by Chi-Yung at 2014-10-16 11:18:00
Running from C:\Users\Chi-Yung\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
888poker (HKLM-x32\...\888poker) (Version:  - )
Aangifte inkomstenbelasting 2011 (HKLM-x32\...\Aangifte inkomstenbelasting 2011) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTornado 0.3.18 (HKLM-x32\...\BitTornado) (Version: 0.3.18 - John Hoffman)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Browser Updater 1.1 (HKLM-x32\...\Browser Updater_is1) (Version:  - Browser Updater)
BrowseToSave 1.74 (HKLM-x32\...\SP_f2a323db) (Version:  - ) <==== ATTENTION
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Poker 2.0 (HKLM-x32\...\Cake Poker 2.0) (Version: 2.0.1.5072 - Cake Poker N.V.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Common Desktop Agent (Version: 1.52.0 - OEM) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.3.WIN.FullTilt.COM - )
Gala Casino Poker (HKLM-x32\...\Gala Casino Poker) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.2.4725 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.9.0.130 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0413-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 32.0.3 (x86 nl) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 nl)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.1.5 - Hewlett-Packard)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NyxLauncherIS (HKLM-x32\...\NyxLauncherIS_is1) (Version:  - Softnyx co.,ltd.)
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Plus500 (HKLM-x32\...\Plus500) (Version:  - )
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version:  - PokerStars.fr)
PokerStrategy.com SideKick (HKCU\...\d1821d843d27af9f) (Version: 1.0.50126.12 - PokerStrategy.com)
PokerTracker 3 (remove only) (HKLM-x32\...\PokerTracker3) (Version:  - )
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
Rakion International (HKLM-x32\...\Rakion International_is1) (Version:  - Softnyx co.,ltd.)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.00.47.00 - Samsung Electronics Co., Ltd.)
Samsung ML-1860 Series (HKLM-x32\...\Samsung ML-1860 Series) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Titan Poker (HKLM-x32\...\Titan Poker) (Version:  - )
Trader Workstation 4.0 (HKLM-x32\...\Trader Workstation 4.0) (Version:  - )
Unibet (HKLM-x32\...\unibetpoker (Poker)) (Version: 16.3.2.9976 - )
Unibet Poker v1.5.0 (HKLM-x32\...\{F75070CD-DBC0-4857-9B3F-A0F888C5EB67}_is1) (Version: 1.5.0 - Relax Gaming Ltd)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{A5659197-BDB5-467F-A71A-1B817DDD7BDD}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
William Hill Poker (HKLM-x32\...\William Hill Poker) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}) (Version: 3.5.9658 - WinZip Computing, S.L. )
World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden
YGOPro (HKLM-x32\...\YGOPro) (Version: 1.033.0.2.1 - Gruntmods Studios)
YGOPro DevPro (HKLM-x32\...\{43589988-FB5A-4C3A-B7EE-1D831EF9E89F}) (Version: 1.9.9 - DevPro)
YGOPro DevPro version 1.9.2r2 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.9.2r2 - YGOPro DevPro Online)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2763017955-3505092474-3563680861-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chi-Yung\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2763017955-3505092474-3563680861-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chi-Yung\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2763017955-3505092474-3563680861-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chi-Yung\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2763017955-3505092474-3563680861-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chi-Yung\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-10-2014 17:05:23 Scheduled Checkpoint
15-10-2014 07:10:02 Installed Java 7 Update 71
15-10-2014 12:39:03 zoek.exe restore point
15-10-2014 13:53:58 Windows Update
16-10-2014 07:06:00 zoek.exe restore point
16-10-2014 08:46:30 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01D6F1E6-C35D-4C50-8344-2B69F23DF1B2} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {069A6337-1849-44C8-A9E8-CD7C466D7BCE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {084ECAC0-18C9-4CC8-9C92-E1C7B415B423} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1B07A2A3-F891-4DB8-8201-970F15F06384} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2624E35E-3902-4DF9-9B30-E0AE5F1C5B2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {28820117-F3D4-44DC-9CCA-2839AC70D76B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {30066538-0730-4C5C-9E1E-E5441AB22D97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {38CF0DF5-4FBD-44C6-80C9-6240CD8B3B28} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {47F61D6A-463D-4241-80F7-CEEE4C3CE3C8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5C321089-8767-45C0-A641-6D3122BFEB7F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2763017955-3505092474-3563680861-1001
Task: {60EE6F8E-2C18-4BAD-B7E2-A41CA183BEA6} - System32\Tasks\HPCeeScheduleForCHI-YUNG-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6AB4E7BE-8858-4ED8-AC61-5C28248B282E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {6CC71283-B934-4C7E-AC2F-BA752D83A857} - System32\Tasks\{9ED1E62F-D907-40E6-A4BF-F4241980C110} => C:\Users\Chi-Yung\Desktop\Microsoft Office Enterprise 2010 Corporate Final (full activated)\setup.exe
Task: {7C7B6289-CF1D-43CE-AB23-5959FCEDA012} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {92C37F7D-0A45-4260-A1D4-A1A7D5845F24} - System32\Tasks\{F5EA79B6-03EE-44DF-9E3A-40EF62B19663} => C:\Program Files (x86)\PacificPoker\bin\888poker.exe [2014-02-19] ()
Task: {95F5FDC8-F8F1-4A56-A3FC-3C85BFB67E7A} - System32\Tasks\{C5032F4F-0C2C-4A3F-A0A0-009743E8DC09} => Iexplore.exe http://ui.skype.com/...red;notincluded
Task: {B82EAADD-9769-4299-849D-FE73E5BCC608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BAD6C9F2-D96A-4810-B6EA-FFFA2B4FE7A7} - System32\Tasks\HPCeeScheduleForChi-Yung => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BD0FD435-52C1-4EFE-8828-8F00965DDD39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C2448BD3-B296-4EDE-B2F9-E9EAC5C304F8} - \{094D14AA-10FF-2443-DD19-8F5FE93CBA73} No Task File <==== ATTENTION
Task: {D540E269-8FC7-4DA0-9388-AC0088C134B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {D7EFF9F3-CDAD-4650-B7CE-32DCE2164FBD} - System32\Tasks\{6791D4A7-47F6-492F-B076-3C1D244915B8} => Iexplore.exe http://ui.skype.com/...red;notincluded
Task: {D8F899B0-8E74-4951-85D9-B5492E555582} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FD66F140-2010-4508-827C-A9C2D5810464} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCHI-YUNG-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForChi-Yung.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-06-15 06:57 - 2011-06-15 06:57 - 00034304 _____ () C:\Windows\System32\ssb6mlm.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-10 22:03 - 2014-06-10 22:03 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-09-15 19:31 - 2010-09-15 19:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-11-26 23:18 - 2010-11-26 23:18 - 00437248 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-11-26 23:18 - 2010-11-26 23:18 - 00050176 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-10 04:39 - 2009-12-10 04:39 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2009-02-12 20:01 - 2009-02-12 20:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 22:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-25 18:14 - 2014-09-25 18:14 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Cake Poker 2.0:MID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2763017955-3505092474-3563680861-500 - Administrator - Disabled)
Chi-Yung (S-1-5-21-2763017955-3505092474-3563680861-1001 - Administrator - Enabled) => C:\Users\Chi-Yung
Guest (S-1-5-21-2763017955-3505092474-3563680861-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2763017955-3505092474-3563680861-1002 - Limited - Enabled)
postgres (S-1-5-21-2763017955-3505092474-3563680861-1003 - Limited - Enabled) => C:\Users\TEMP

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 11:09:20 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Chi-Yung-HP)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - Access is denied.

Error: (10/16/2014 10:46:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2763017955-3505092474-3563680861-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {aa28bed9-3c56-48fe-b206-ec89b0cdb5b9}

Error: (10/16/2014 09:06:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2763017955-3505092474-3563680861-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {3c43129e-02d9-4392-a729-a0e144482b0d}

Error: (10/16/2014 08:39:25 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Chi-Yung-HP)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - Access is denied.

Error: (10/15/2014 04:04:37 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Chi-Yung-HP)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - Access is denied.

Error: (10/15/2014 03:53:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2763017955-3505092474-3563680861-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {286461d7-75c0-4333-ba33-e77115168e3b}

Error: (10/15/2014 02:39:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2763017955-3505092474-3563680861-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {81ee7608-effc-4b82-8fe8-acf65b5f84f3}

Error: (10/15/2014 01:13:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/15/2014 01:13:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/15/2014 01:13:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "CinemasterAudio.4.3,language="&#x2a;",type="win32",version="4.3.0.0"1".
Dependent Assembly CinemasterAudio.4.3,language="&#x2a;",type="win32",version="4.3.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (10/16/2014 11:09:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (10/16/2014 11:09:20 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%5

Error: (10/16/2014 10:58:01 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/16/2014 10:58:01 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/16/2014 10:58:01 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/16/2014 10:58:00 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/16/2014 10:58:00 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/16/2014 10:57:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/16/2014 10:57:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/16/2014 10:57:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (10/16/2014 11:09:20 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Chi-Yung-HP)
Description: Access is denied.

Error: (10/16/2014 10:46:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2763017955-3505092474-3563680861-1003.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {aa28bed9-3c56-48fe-b206-ec89b0cdb5b9}

Error: (10/16/2014 09:06:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2763017955-3505092474-3563680861-1003.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {3c43129e-02d9-4392-a729-a0e144482b0d}

Error: (10/16/2014 08:39:25 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Chi-Yung-HP)
Description: Access is denied.

Error: (10/15/2014 04:04:37 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Chi-Yung-HP)
Description: Access is denied.

Error: (10/15/2014 03:53:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2763017955-3505092474-3563680861-1003.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {286461d7-75c0-4333-ba33-e77115168e3b}

Error: (10/15/2014 02:39:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2763017955-3505092474-3563680861-1003.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {81ee7608-effc-4b82-8fe8-acf65b5f84f3}

Error: (10/15/2014 01:13:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"c:\Users\Chi-Yung\AppData\Local\Temp\~rnsetu3\videoeditor\realtrimmer.exe

Error: (10/15/2014 01:13:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"c:\Users\Chi-Yung\AppData\Local\Temp\~rnsetu3\PLAYER\realplay.exe

Error: (10/15/2014 01:13:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: CinemasterAudio.4.3,language="&#x2a;",type="win32",version="4.3.0.0"c:\Users\Chi-Yung\AppData\Local\Temp\~rnsetu3\converter\realconverter.exe


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 51%
Total physical RAM: 3767.11 MB
Available physical RAM: 1836.68 MB
Total Pagefile: 7532.36 MB
Available Pagefile: 4696.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1384.11 GB) (Free:317.91 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.05 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 6B9DDC79)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1384.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#9
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Methinks that the improvement should be noticeable...


Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
    "AppInit_DLLs"="";r
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • The program will begin to update the database (if the internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.
 


  • 0
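
A read-only way to confirm the AppInit_DLLs reset that the Zoek script in post #9 performs, as an added example that is not part of the original thread. AppInit_DLLs lists DLLs that Windows loads into every process that links user32.dll, so an empty value is the expected clean state. The Wow6432Node path and the LoadAppInit_DLLs / RequireSignedAppInit_DLLs values are not mentioned in the thread and are included as assumptions about what a complete check should cover.

```powershell
# Added example, not from the thread: read-only audit of AppInit_DLLs.
# Run from 64-bit PowerShell on 64-bit Windows so both registry views are visible.
# Written to work on PowerShell 2.0 (the version shipped with Windows 7).

$views = @(
    @{ Name = '64-bit'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' },
    # Assumption: the 32-bit view is checked too; the thread's script names only the key above.
    @{ Name = '32-bit'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Path)) { continue }   # no Wow6432Node on 32-bit Windows

    $props = Get-ItemProperty -LiteralPath $view.Path

    # The value is a space- or comma-separated list of DLL names; empty means nothing is listed.
    $dlls = @("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

    # For entries given as full paths, record whether the file exists and its signature status.
    $details = foreach ($dll in $dlls) {
        if (-not [System.IO.Path]::IsPathRooted($dll)) {
            "$dll [bare name, resolved by the loader]"
        } elseif (Test-Path -LiteralPath $dll) {
            $sig = Get-AuthenticodeSignature -FilePath $dll
            "$dll [signature: $($sig.Status)]"
        } else {
            "$dll [file not found]"
        }
    }

    New-Object PSObject -Property @{
        View          = $view.Name
        Empty         = ($dlls.Count -eq 0)                       # True is the state the fix aims for
        LoadEnabled   = ($props.LoadAppInit_DLLs -eq 1)           # listed DLLs are only loaded when this is 1
        RequireSigned = ($props.RequireSignedAppInit_DLLs -eq 1)  # 1 restricts loading to signed DLLs
        Entries       = ($details -join '; ')
    }
}

$report | Select-Object View, Empty, LoadEnabled, RequireSigned, Entries | Format-Table -AutoSize
```

Any row with Empty = False after the fix has been applied lists the remaining DLL entries for review.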

#10
Noobs

    Member

  • Topic Starter
  • Member
  • 37 posts

Zoek.exe v5.0.0.0 Updated 16-10-2014
Tool run by Chi-Yung on 16/10/2014 at 11:57:18.16.
Microsoft Windows 7 Home Premium  6.1.7600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Chi-Yung\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-10-16-071547.log    58174 bytes
C:\zoek-results2014-10-16-091204.log    54777 bytes

==== System Restore Info ======================

16/10/2014 12:04:50 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6413 folders=1038 692905737 bytes)

==== EOF on 16/10/2014 at 12:05:28.30 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Chi-Yung on 16/10/2014 at 12:06:22.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_voor_nero-burning-rom_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_voor_nero-burning-rom_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-messenger-2011_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-messenger-2011_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_voor_nero-burning-rom_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_voor_nero-burning-rom_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-messenger-2011_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-messenger-2011_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Chi-Yung\AppData\Roaming\mozilla\firefox\profiles\vlf1c066.default\prefs.js

user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
Emptied folder: C:\Users\Chi-Yung\AppData\Roaming\mozilla\firefox\profiles\vlf1c066.default\minidumps [645 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/10/2014 at 12:09:14.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

# AdwCleaner v4.000 - Report created 16/10/2014 at 12:16:59
# DB v2014-10-15.7
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Chi-Yung - CHI-YUNG-HP
# Running from : C:\Users\Chi-Yung\Downloads\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
File Deleted : C:\Users\Chi-Yung\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\Chi-Yung\AppData\Roaming\regsvr32.exe_log.txt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [se]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\5d0dedab639ee43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_e14dcdfa
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{4C60E5AB-5C68-4C59-ABAA-885010B24B32}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\ProtectedSearch
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Softonic
Key Deleted : HKLM\SOFTWARE\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\Vittalia
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v32.0.3 (x86 nl)

[vlf1c066.default] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [14976 octets] - [16/10/2014 12:10:24]
AdwCleaner[R1].txt - [15037 octets] - [16/10/2014 12:14:52]
AdwCleaner[S0].txt - [14576 octets] - [16/10/2014 12:16:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14637 octets] ##########


#11
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, could you please update me on what issues remain?



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.



#12
Noobs

    Member

  • Topic Starter
  • Member
  • 37 posts

Hi

 

Haven't seen the pop-ups anymore (knock on wood :P)

Hope that this solved it :D

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Chi-Yung (administrator) on CHI-YUNG-HP on 16-10-2014 12:34:55
Running from C:\Users\Chi-Yung\Downloads
Loaded Profiles: Chi-Yung & postgres (Available profiles: Chi-Yung & postgres)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Spotify Ltd) C:\Users\Chi-Yung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [437248 2010-11-26] ()
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Run: [Spotify Web Helper] => C:\Users\Chi-Yung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-11-26] (Spotify Ltd)
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Run: [CPN Notifier] => C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {D22C8C8B-CCCB-4E24-B6A1-F7DA17753EF1} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-07-16] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.44.54

FireFox:
========
FF ProfilePath: C:\Users\Chi-Yung\AppData\Roaming\Mozilla\Firefox\Profiles\vlf1c066.default
FF DefaultSearchEngineuser_pref("browser.search.defaultenginenameS", "");: user_pref("browser.search.defaultenginenameS", "");
FF SearchEngineOrder.user_pref("browser.search.order.1S", "");: user_pref("browser.search.order.1S", "");
FF SelectedSearchEngineuser_pref("browser.search.selectedEngineS", "");: user_pref("browser.search.selectedEngineS", "");
FF Homepage: hxxp://www.google.nl/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll ( )
FF Plugin-x32: @winzip.com/Winzip Courier -> C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-07-16]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-07-16]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-07-16]
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt [2011-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-11-30]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (WinZip Courier) - C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Chi-Yung\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AVG Safe Search) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-08-05]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Chi-Yung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-05]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-10-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2009-12-10] (PostgreSQL Global Development Group) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-28] (GFI Software)
S3 rak; C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [81880 2013-12-04] () [File not signed]
S3 rkion; C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakon64.sys [86352 2013-12-13] ()
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 12:20 - 2014-10-16 12:20 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001
2014-10-16 12:20 - 2014-10-16 12:20 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001
2014-10-16 12:10 - 2014-10-16 12:17 - 00000000 ____D () C:\AdwCleaner
2014-10-16 12:10 - 2014-10-16 12:10 - 01976320 _____ () C:\Users\Chi-Yung\Downloads\adwcleaner_4.000.exe
2014-10-16 12:09 - 2014-10-16 12:09 - 00004555 _____ () C:\Users\Chi-Yung\Desktop\JRT.txt
2014-10-16 12:06 - 2014-10-16 12:06 - 01705698 _____ (Thisisu) C:\Users\Chi-Yung\Downloads\JRT.exe
2014-10-16 12:06 - 2014-10-16 12:06 - 00000000 ____D () C:\Windows\ERUNT
2014-10-16 12:04 - 2014-10-16 11:12 - 00054777 _____ () C:\zoek-results2014-10-16-091204.log
2014-10-16 11:18 - 2014-10-16 11:18 - 00057040 _____ () C:\Users\Chi-Yung\Downloads\Addition.txt
2014-10-16 11:14 - 2014-10-16 12:35 - 00024722 _____ () C:\Users\Chi-Yung\Downloads\FRST.txt
2014-10-16 11:14 - 2014-10-16 12:34 - 00000000 ____D () C:\FRST
2014-10-16 11:13 - 2014-10-16 11:14 - 02111488 _____ (Farbar) C:\Users\Chi-Yung\Downloads\FRST64.exe
2014-10-16 10:46 - 2014-10-16 09:15 - 00058174 _____ () C:\zoek-results2014-10-16-071547.log
2014-10-16 10:44 - 2014-09-15 09:06 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-16 10:41 - 2014-10-16 10:41 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\zoek
2014-10-16 09:05 - 2014-10-16 12:05 - 00000914 _____ () C:\zoek-results.log
2014-10-16 09:01 - 2014-10-16 09:01 - 04114148 _____ () C:\Users\Chi-Yung\Downloads\zoek.zip
2014-10-16 09:00 - 2014-10-16 09:00 - 00003160 _____ () C:\Windows\System32\Tasks\{71858446-697C-44AA-94FD-2A89AEE91FCC}
2014-10-15 17:50 - 2014-10-15 19:07 - 350890191 _____ () C:\Users\Chi-Yung\Downloads\ABS-27.mp4
2014-10-15 14:28 - 2014-10-16 11:03 - 00000000 ____D () C:\zoek_backup
2014-10-15 09:32 - 2014-10-10 03:53 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 09:32 - 2014-10-10 03:53 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 09:32 - 2014-10-10 03:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 09:31 - 2014-09-15 02:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 09:27 - 2014-10-15 09:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 09:23 - 2014-10-15 09:34 - 1055962506 _____ () C:\Users\Chi-Yung\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S02E04.720p.HDTV.x264-KILLERS.mkv
2014-10-15 09:22 - 2014-10-15 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 09:22 - 2014-10-15 09:22 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-15 09:12 - 2014-10-15 09:29 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\The.Big.Bang.Theory.S08E04.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-15 09:12 - 2014-10-15 09:16 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\The.Big.Bang.Theory.S08E05.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-15 09:12 - 2014-10-15 09:14 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\The.Big.Bang.Theory.S08E03.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-15 09:11 - 2014-10-15 09:12 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\The.Big.Bang.Theory.S08E02.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-15 09:11 - 2014-10-15 09:12 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\The.Big.Bang.Theory.S08E01.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-14 18:03 - 2014-10-14 18:14 - 288237446 _____ () C:\Users\Chi-Yung\Downloads\TAD-TVBN-07.rmvb
2014-10-14 16:47 - 2014-10-14 16:58 - 299398444 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-26.rmvb
2014-10-14 09:12 - 2014-10-14 09:12 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S02E03.PROPER.720p.HDTV.X264-DIMENSION[rarbg]
2014-10-14 09:11 - 2014-10-14 09:12 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S02E02.720p.HDTV.x264-KILLERS[rarbg]
2014-10-14 09:10 - 2014-10-14 09:26 - 1047120310 _____ () C:\Users\Chi-Yung\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S02E01.720p.HDTV.x264-KILLERS.mkv
2014-10-14 09:10 - 2014-10-14 09:10 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\Sons
2014-10-14 09:09 - 2014-10-14 09:09 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\MAOS
2014-10-14 09:05 - 2014-10-14 09:23 - 966273674 _____ () C:\Users\Chi-Yung\Downloads\Once.Upon.a.Time.S04E03.720p.HDTV.X264-DIMENSION.mkv
2014-10-14 09:03 - 2014-10-14 09:12 - 584690913 _____ () C:\Users\Chi-Yung\Downloads\[HorribleSubs] Fairy Tail S2 - 28 [1080p].mkv
2014-10-13 17:52 - 2014-10-13 18:59 - 301295713 _____ () C:\Users\Chi-Yung\Downloads\ATBS-25-TVBN.rmvb
2014-10-13 17:52 - 2014-10-13 18:03 - 292653422 _____ () C:\Users\Chi-Yung\Downloads\TAD-06-TVBN.rmvb
2014-10-10 16:44 - 2014-10-10 17:58 - 339444659 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-24.rmvb
2014-10-10 16:44 - 2014-10-10 16:49 - 205707166 _____ () C:\Users\Chi-Yung\Downloads\TAD-DVD-05.rmvb
2014-10-09 18:17 - 2014-10-09 18:25 - 285746126 _____ () C:\Users\Chi-Yung\Downloads\TAD-TVBN-04.rmvb
2014-10-09 16:50 - 2014-10-09 16:58 - 290590041 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-23.rmvb
2014-10-09 11:03 - 2014-10-09 11:07 - 952318302 _____ () C:\Users\Chi-Yung\Downloads\Once.Upon.a.Time.S04E02.720p.HDTV.X264-DIMENSION.mkv
2014-10-08 17:37 - 2014-10-08 18:40 - 289496410 _____ () C:\Users\Chi-Yung\Downloads\TAD-TVBN-03.rmvb
2014-10-06 23:04 - 2014-10-07 08:46 - 00008717 _____ () C:\Users\Chi-Yung\Documents\yu gi oh burn.xlsx
2014-10-03 17:35 - 2014-10-03 18:25 - 230333994 _____ () C:\Users\Chi-Yung\Downloads\LW-DVD-31.rmvb
2014-10-03 17:34 - 2014-10-03 17:40 - 207619629 _____ () C:\Users\Chi-Yung\Downloads\LW-DVD-30.rmvb
2014-10-02 18:01 - 2014-10-02 18:10 - 290825166 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-29.rmvb
2014-10-02 17:57 - 2014-10-04 21:45 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-02 17:57 - 2014-10-02 17:57 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-02 17:57 - 2014-10-02 17:57 - 00000000 ____D () C:\Users\Guest
2014-10-02 17:57 - 2014-10-02 17:57 - 00000000 ____D () C:\Users\Administrator
2014-10-02 17:19 - 2014-10-02 19:08 - 312058811 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-19.rmvb
2014-10-01 17:37 - 2014-10-01 18:55 - 352941434 _____ () C:\Users\Chi-Yung\Downloads\ABS-18.mp4
2014-10-01 17:36 - 2014-10-01 17:45 - 358507591 _____ () C:\Users\Chi-Yung\Downloads\LW-28.mp4
2014-09-29 18:20 - 2014-09-29 18:34 - 277492273 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-26.rmvb
2014-09-29 17:34 - 2014-09-29 18:47 - 293027543 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-16.rmvb
2014-09-29 17:09 - 2014-09-29 17:11 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\Once Upon a Time S04E01 HDTV x264-LOL[ettv]
2014-09-27 13:24 - 2014-09-27 13:25 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\22.Jump.Street.2014.HDRip.XviD-SaM[ETRG]
2014-09-26 17:31 - 2014-09-26 17:31 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Program Files\iTunes
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Program Files\iPod
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-26 16:57 - 2014-09-26 17:36 - 177744805 _____ () C:\Users\Chi-Yung\Downloads\LW-DVD-25.rmvb
2014-09-26 16:57 - 2014-09-26 17:05 - 280428714 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-15.rmvb
2014-09-25 18:29 - 2014-09-25 20:42 - 607305814 _____ () C:\Users\Chi-Yung\Downloads\ABS-14.mp4
2014-09-25 18:14 - 2014-09-25 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 18:04 - 2014-09-25 18:24 - 563063431 _____ () C:\Users\Chi-Yung\Downloads\LW-24.mp4
2014-09-24 18:54 - 2014-09-24 19:56 - 283684674 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-13.rmvb
2014-09-24 18:53 - 2014-09-24 19:01 - 286026534 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-23.rmvb
2014-09-23 18:56 - 2014-10-02 22:00 - 00056993 _____ () C:\Users\Chi-Yung\Documents\Bestelling Kevin.xlsx
2014-09-23 18:55 - 2014-10-02 22:00 - 00056061 _____ () C:\Users\Chi-Yung\Documents\Lijst Kevin.xlsx
2014-09-23 18:03 - 2014-09-23 18:13 - 278680702 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-22.rmvb
2014-09-23 16:55 - 2014-09-23 17:06 - 284403191 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-12.rmvb
2014-09-22 17:47 - 2014-09-22 18:49 - 283360964 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-21.rmvb
2014-09-22 17:30 - 2014-09-22 17:39 - 291222100 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-11.rmvb
2014-09-19 17:31 - 2014-09-19 18:34 - 286830750 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-10.rmvb
2014-09-19 17:31 - 2014-09-19 17:39 - 297464931 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-20.rmvb
2014-09-18 17:10 - 2014-09-18 17:18 - 282975327 _____ () C:\Users\Chi-Yung\Downloads\SOL-TVBN-08.rmvb
2014-09-18 11:42 - 2014-09-18 11:50 - 284123986 _____ () C:\Users\Chi-Yung\Downloads\ABS-TVBN-08.rmvb
2014-09-18 11:41 - 2014-09-18 12:44 - 289009671 _____ () C:\Users\Chi-Yung\Downloads\LW-TVBN-18.rmvb

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 12:26 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 12:26 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 12:22 - 2011-07-16 00:30 - 02013298 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 12:20 - 2012-01-24 17:54 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Roaming\Skype
2014-10-16 12:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 12:18 - 2009-07-14 06:51 - 00161736 _____ () C:\Windows\setupact.log
2014-10-16 12:17 - 2011-11-17 00:00 - 00800078 _____ () C:\Windows\PFRO.log
2014-10-16 12:12 - 2012-03-30 09:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-16 11:56 - 2008-10-10 09:23 - 00398848 _____ () C:\Users\Chi-Yung\Documents\Adm_CYLee.xls
2014-10-16 11:32 - 2011-11-16 15:40 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Local\PokerStars.EU
2014-10-16 11:31 - 2012-12-27 11:15 - 00000000 ____D () C:\Program Files (x86)\PokerTracker 4
2014-10-16 11:04 - 2011-11-16 17:17 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-16 11:04 - 2011-11-16 15:12 - 00001888 _____ () C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-16 11:04 - 2011-11-16 15:07 - 00002062 _____ () C:\Users\Public\Desktop\eBay.nl.lnk
2014-10-16 09:50 - 2011-11-16 18:02 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Roaming\vlc
2014-10-16 09:30 - 2011-11-17 21:47 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForChi-Yung
2014-10-16 09:30 - 2011-11-17 21:47 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForChi-Yung.job
2014-10-16 08:52 - 2011-11-16 15:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-15 16:04 - 2009-07-14 06:45 - 00420504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 16:03 - 2014-07-10 13:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 16:01 - 2013-08-14 21:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:01 - 2011-11-16 18:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 15:54 - 2011-11-23 22:34 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 10:34 - 2014-07-07 09:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 09:34 - 2012-02-13 11:57 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Roaming\uTorrent
2014-10-15 09:22 - 2013-03-06 22:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-14 17:28 - 2014-02-09 15:16 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Roaming\YGOPro DevPro
2014-10-14 10:03 - 2011-11-21 18:21 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\Anime
2014-10-13 18:42 - 2011-07-16 00:42 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-11 22:30 - 2011-11-16 17:48 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-10-09 15:12 - 2011-12-09 00:08 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-09 15:12 - 2011-11-17 21:37 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-05 20:13 - 2011-11-16 16:37 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Local\CrashDumps
2014-10-04 21:46 - 2013-09-26 09:13 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-02 18:14 - 2011-11-16 17:17 - 00001140 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-02 18:13 - 2011-11-16 15:12 - 00001415 _____ () C:\Users\Chi-Yung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-02 17:57 - 2012-05-05 16:03 - 00000000 ____D () C:\Users\Chi-Yung\AppData\Local\Google
2014-10-02 17:57 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-02 17:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-27 09:59 - 2012-05-12 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 19:12 - 2012-03-30 09:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:12 - 2012-03-30 09:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 19:12 - 2011-11-17 14:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 18:01 - 2012-03-01 11:21 - 00000000 ____D () C:\Users\Chi-Yung\Downloads\A Very Harold And Kumar Christmas DVDRip XviD-DiAMOND
2014-09-17 09:44 - 2012-02-15 09:54 - 00003224 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCHI-YUNG-HP$
2014-09-17 09:44 - 2012-02-15 09:54 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForCHI-YUNG-HP$.job

Files to move or delete:
====================
C:\Users\Chi-Yung\jagex_cl_oldschool_LIVE.dat
C:\Users\Chi-Yung\jagex_cl_runescape_LIVE.dat
C:\Users\Chi-Yung\random.dat


Some content of TEMP:
====================
C:\Users\Chi-Yung\AppData\Local\Temp\Quarantine.exe
C:\Users\Chi-Yung\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-09 11:58

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by Chi-Yung at 2014-10-16 12:35:37
Running from C:\Users\Chi-Yung\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
888poker (HKLM-x32\...\888poker) (Version:  - )
Aangifte inkomstenbelasting 2011 (HKLM-x32\...\Aangifte inkomstenbelasting 2011) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTornado 0.3.18 (HKLM-x32\...\BitTornado) (Version: 0.3.18 - John Hoffman)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Browser Updater 1.1 (HKLM-x32\...\Browser Updater_is1) (Version:  - Browser Updater)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Poker 2.0 (HKLM-x32\...\Cake Poker 2.0) (Version: 2.0.1.5072 - Cake Poker N.V.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Common Desktop Agent (Version: 1.52.0 - OEM) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.3.WIN.FullTilt.COM - )
Gala Casino Poker (HKLM-x32\...\Gala Casino Poker) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.2.4725 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.9.0.130 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0413-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 32.0.3 (x86 nl) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 nl)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.1.5 - Hewlett-Packard)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NyxLauncherIS (HKLM-x32\...\NyxLauncherIS_is1) (Version:  - Softnyx co.,ltd.)
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Plus500 (HKLM-x32\...\Plus500) (Version:  - )
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version:  - PokerStars.fr)
PokerStrategy.com SideKick (HKCU\...\d1821d843d27af9f) (Version: 1.0.50126.12 - PokerStrategy.com)
PokerTracker 3 (remove only) (HKLM-x32\...\PokerTracker3) (Version:  - )
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
Rakion International (HKLM-x32\...\Rakion International_is1) (Version:  - Softnyx co.,ltd.)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.00.47.00 - Samsung Electronics Co., Ltd.)
Samsung ML-1860 Series (HKLM-x32\...\Samsung ML-1860 Series) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Titan Poker (HKLM-x32\...\Titan Poker) (Version:  - )
Trader Workstation 4.0 (HKLM-x32\...\Trader Workstation 4.0) (Version:  - )
Unibet (HKLM-x32\...\unibetpoker (Poker)) (Version: 16.3.2.9976 - )
Unibet Poker v1.5.0 (HKLM-x32\...\{F75070CD-DBC0-4857-9B3F-A0F888C5EB67}_is1) (Version: 1.5.0 - Relax Gaming Ltd)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{A5659197-BDB5-467F-A71A-1B817DDD7BDD}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
William Hill Poker (HKLM-x32\...\William Hill Poker) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}) (Version: 3.5.9658 - WinZip Computing, S.L. )
World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden
YGOPro (HKLM-x32\...\YGOPro) (Version: 1.033.0.2.1 - Gruntmods Studios)
YGOPro DevPro (HKLM-x32\...\{43589988-FB5A-4C3A-B7EE-1D831EF9E89F}) (Version: 1.9.9 - DevPro)
YGOPro DevPro version 1.9.2r2 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.9.2r2 - YGOPro DevPro Online)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2763017955-3505092474-3563680861-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chi-Yung\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2763017955-3505092474-3563680861-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chi-Yung\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2763017955-3505092474-3563680861-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chi-Yung\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2763017955-3505092474-3563680861-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chi-Yung\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-10-2014 17:05:23 Scheduled Checkpoint
15-10-2014 07:10:02 Installed Java 7 Update 71
15-10-2014 12:39:03 zoek.exe restore point
15-10-2014 13:53:58 Windows Update
16-10-2014 07:06:00 zoek.exe restore point
16-10-2014 08:46:30 zoek.exe restore point
16-10-2014 10:04:32 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01D6F1E6-C35D-4C50-8344-2B69F23DF1B2} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {084ECAC0-18C9-4CC8-9C92-E1C7B415B423} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1B07A2A3-F891-4DB8-8201-970F15F06384} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2624E35E-3902-4DF9-9B30-E0AE5F1C5B2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {28820117-F3D4-44DC-9CCA-2839AC70D76B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {30066538-0730-4C5C-9E1E-E5441AB22D97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {47F61D6A-463D-4241-80F7-CEEE4C3CE3C8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {50FEBFE4-DB8B-4992-887C-6C86F41A7727} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {5C321089-8767-45C0-A641-6D3122BFEB7F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2763017955-3505092474-3563680861-1001
Task: {60EE6F8E-2C18-4BAD-B7E2-A41CA183BEA6} - System32\Tasks\HPCeeScheduleForCHI-YUNG-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6AB4E7BE-8858-4ED8-AC61-5C28248B282E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {6CC71283-B934-4C7E-AC2F-BA752D83A857} - System32\Tasks\{9ED1E62F-D907-40E6-A4BF-F4241980C110} => C:\Users\Chi-Yung\Desktop\Microsoft Office Enterprise 2010 Corporate Final (full activated)\setup.exe
Task: {7C7B6289-CF1D-43CE-AB23-5959FCEDA012} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {86666854-930C-42B1-A5F1-1AE96254D107} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {92C37F7D-0A45-4260-A1D4-A1A7D5845F24} - System32\Tasks\{F5EA79B6-03EE-44DF-9E3A-40EF62B19663} => C:\Program Files (x86)\PacificPoker\bin\888poker.exe [2014-02-19] ()
Task: {95F5FDC8-F8F1-4A56-A3FC-3C85BFB67E7A} - System32\Tasks\{C5032F4F-0C2C-4A3F-A0A0-009743E8DC09} => Iexplore.exe http://ui.skype.com/...red;notincluded
Task: {B82EAADD-9769-4299-849D-FE73E5BCC608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BAD6C9F2-D96A-4810-B6EA-FFFA2B4FE7A7} - System32\Tasks\HPCeeScheduleForChi-Yung => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BD0FD435-52C1-4EFE-8828-8F00965DDD39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C2448BD3-B296-4EDE-B2F9-E9EAC5C304F8} - \{094D14AA-10FF-2443-DD19-8F5FE93CBA73} No Task File <==== ATTENTION
Task: {D540E269-8FC7-4DA0-9388-AC0088C134B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {D7EFF9F3-CDAD-4650-B7CE-32DCE2164FBD} - System32\Tasks\{6791D4A7-47F6-492F-B076-3C1D244915B8} => Iexplore.exe http://ui.skype.com/...red;notincluded
Task: {D8F899B0-8E74-4951-85D9-B5492E555582} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FD66F140-2010-4508-827C-A9C2D5810464} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2763017955-3505092474-3563680861-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCHI-YUNG-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForChi-Yung.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-06-15 06:57 - 2011-06-15 06:57 - 00034304 _____ () C:\Windows\System32\ssb6mlm.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-10 22:03 - 2014-06-10 22:03 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-09-15 19:31 - 2010-09-15 19:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-11-26 23:18 - 2010-11-26 23:18 - 00437248 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-11-26 23:18 - 2010-11-26 23:18 - 00050176 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-10 04:39 - 2009-12-10 04:39 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2009-02-12 20:01 - 2009-02-12 20:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 22:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-25 18:14 - 2014-09-25 18:14 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Cake Poker 2.0:MID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2763017955-3505092474-3563680861-500 - Administrator - Disabled)
Chi-Yung (S-1-5-21-2763017955-3505092474-3563680861-1001 - Administrator - Enabled) => C:\Users\Chi-Yung
Guest (S-1-5-21-2763017955-3505092474-3563680861-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2763017955-3505092474-3563680861-1002 - Limited - Enabled)
postgres (S-1-5-21-2763017955-3505092474-3563680861-1003 - Limited - Enabled) => C:\Users\TEMP

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 00:18:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Chi-Yung-HP)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - Access is denied.


System errors:
=============
Error: (10/16/2014 00:18:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (10/16/2014 00:18:33 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (10/16/2014 00:18:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Chi-Yung-HP)
Description: Access is denied.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 51%
Total physical RAM: 3767.11 MB
Available physical RAM: 1818.31 MB
Total Pagefile: 7532.36 MB
Available Pagefile: 4530.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1384.11 GB) (Free:317.58 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.05 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 6B9DDC79)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1384.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#13
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, now please do these ones.

However we are not done yet. There is still some more to perform here.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
    Hosts:
    Task: {01D6F1E6-C35D-4C50-8344-2B69F23DF1B2} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    C:\Program Files (x86)\Lavasoft
    Task: {C2448BD3-B296-4EDE-B2F9-E9EAC5C304F8} - \{094D14AA-10FF-2443-DD19-8F5FE93CBA73} No Task File <==== ATTENTION
    AlternateDataStreams: C:\Program Files (x86)\Cake Poker 2.0:MID
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.



Reset Chrome Plugins Cache

Open Google Chrome.

  • In the address bar type in the following: chrome://plugins
  • Press Enter.
  • Select one plugin from the list and disable it.
  • After that please re-enable it.

Finally please restart Google Chrome.



P2P warning!

  • uTorrent

P2P programs, while legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords, private or financial data were exposed to a file-sharing network because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for previously mentioned program(s), right-click the entry and click Uninstall.

This is optional, but please consider this.



#14
Noobs

Noobs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2014 02
Ran by Chi-Yung at 2014-10-16 12:51:45 Run:1
Running from C:\Users\Chi-Yung\Downloads
Loaded Profiles: Chi-Yung & postgres (Available profiles: Chi-Yung & postgres)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
Hosts:
Task: {01D6F1E6-C35D-4C50-8344-2B69F23DF1B2} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files (x86)\Lavasoft
Task: {C2448BD3-B296-4EDE-B2F9-E9EAC5C304F8} - \{094D14AA-10FF-2443-DD19-8F5FE93CBA73} No Task File <==== ATTENTION
AlternateDataStreams: C:\Program Files (x86)\Cake Poker 2.0:MID
EmptyTemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2763017955-3505092474-3563680861-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner" => Key not found.
"HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll not found.
SBRE => Service deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01D6F1E6-C35D-4C50-8344-2B69F23DF1B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01D6F1E6-C35D-4C50-8344-2B69F23DF1B2}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
C:\Program Files (x86)\Lavasoft => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2448BD3-B296-4EDE-B2F9-E9EAC5C304F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2448BD3-B296-4EDE-B2F9-E9EAC5C304F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{094D14AA-10FF-2443-DD19-8F5FE93CBA73}" => Key deleted successfully.
C:\Program Files (x86)\Cake Poker 2.0 => ":MID" ADS removed successfully.
EmptyTemp: => Removed 487.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Don't use Google Chrome, only use Mozilla



#15
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Don't use Google Chrome, only use Mozilla

Fine.



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!

