"IE cannot display the webpage" and Chrome.exe Avast URL:Mal w

Malware Avast Chrome.exe IE

#1
thedarkprince

  • Member
  • 129 posts

Hi there,

Got a couple of issues with both IE and Chrome.

IE is constantly returning error messages saying that it cannot display the webpage, e.g. when trying to sign into this site with Twitter or Facebook. Those same links then work in Chrome but Avast keeps returning Chrome.exe errors - see attached jpeg.

Have run Malwarebytes but no objects found.

Looked on here and it's pretty clear that this is some form of malware but no idea how to fix it.

Help!


Edited by thedarkprince, 03 November 2014 - 02:42 PM.


#2
thedarkprince

  • Topic Starter
  • Member
  • 129 posts

Just noticed the Object in the Avast pop-up keeps changing.  Not sure if this is important or not.



#3
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello thedarkprince,

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.



#4
thedarkprince

thedarkprince

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

Hey emeraldnzl,

Thanks for helping out with this.

I actually ran this scan the other day so the Addition file is from a few days back but the FRST log is from today.

Cheers!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Russ_Sally (administrator) on RUSS_SALLY-PC on 07-11-2014 20:56:38
Running from C:\Users\Russ_Sally\Desktop
Loaded Profile: Russ_Sally (Available profiles: Russ_Sally & Administrator)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [329096 2010-11-17] (BillP Studios)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-19] ()
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [329096 2010-11-17] (BillP Studios)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-07] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\MountPoints2: {badbd9fd-0099-11e4-8e4d-a4badb950394} - E:\autorun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll" File Not Found
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Russ_Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Russ_Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:49549;https=127.0.0.1:49549
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bbc.co.uk/football
URLSearchHook: HKCU - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1060933
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {9E9F380F-7E44-4E13-98B0-BC0BD69AD470} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKCU - {C2D1EC2C-0A80-43C3-983B-2CE1457087B8} URL = 
SearchScopes: HKCU - {F3706E41-47A6-4F64-B86E-7AC1C5AAFA6D} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Russ_Sally\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Savee oN - C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\[email protected] [2014-09-12]
FF Extension: Adblocker - C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\[email protected] [2014-09-12]
FF Extension: Yahoo! Toolbar - C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-10-12]
FF Extension: DownloadHelper - C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]
 
Chrome: 
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-30]
CHR Extension: (YouTube) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-21]
CHR Extension: (Google Search) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-21]
CHR Extension: (Savee oN) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp [2014-06-30]
CHR Extension: (Google Wallet) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (Gmail) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-21]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\RUSS_S~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-08-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-07] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-07] ()
R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2011-12-28] (microOLAP Technologies LTD)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 22:16 - 2014-11-06 22:16 - 00880272 _____ (Google Inc.) C:\Users\Russ_Sally\Downloads\ChromeSetup.exe
2014-11-03 20:54 - 2014-11-07 20:56 - 00020444 _____ () C:\Users\Russ_Sally\Desktop\FRST.txt
2014-11-03 20:54 - 2014-11-03 20:54 - 00023131 _____ () C:\Users\Russ_Sally\Desktop\Addition.txt
2014-11-03 20:53 - 2014-11-03 20:54 - 00023131 _____ () C:\Users\Russ_Sally\Downloads\Addition.txt
2014-11-03 20:52 - 2014-11-03 20:54 - 00028438 _____ () C:\Users\Russ_Sally\Downloads\FRST.txt
2014-11-03 20:34 - 2014-11-03 20:34 - 01375089 _____ () C:\Users\Russ_Sally\Desktop\AdwCleaner.exe
2014-11-03 20:10 - 2014-11-07 20:56 - 00000000 ____D () C:\FRST
2014-11-03 20:10 - 2014-11-03 20:10 - 02114560 _____ (Farbar) C:\Users\Russ_Sally\Desktop\FRST64.exe
2014-11-03 11:50 - 2014-11-03 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Orbit
2014-11-03 11:50 - 2014-11-03 11:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProgSense
2014-11-02 16:53 - 2014-11-02 16:53 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-02 16:53 - 2014-11-02 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-02 16:52 - 2014-11-02 16:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-02 16:52 - 2014-11-02 16:53 - 00000000 ____D () C:\Program Files\iTunes
2014-11-02 16:52 - 2014-11-02 16:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-02 16:52 - 2014-11-02 16:52 - 00000000 ____D () C:\Program Files\iPod
2014-11-02 16:49 - 2014-11-02 16:49 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Local\Aiseesoft Studio
2014-11-02 16:47 - 2014-11-02 16:48 - 19598128 _____ (Aiseesoft Studio ) C:\Users\Russ_Sally\Downloads\ios-data-recovery.exe
2014-11-02 16:33 - 2014-11-02 16:35 - 00003896 _____ () C:\Users\Russ_Sally\Downloads\umbrella.log
2014-11-02 16:33 - 2014-11-02 16:34 - 00000000 ____D () C:\Users\Russ_Sally\.shsh
2014-11-02 16:33 - 2014-11-02 16:33 - 03618816 _____ () C:\Users\Russ_Sally\Downloads\tinyumbrella-7.12.00.exe
2014-11-02 16:33 - 2014-11-02 16:33 - 00000000 _____ () C:\Users\Russ_Sally\Downloads\tinyumbrella-7_12_00_exe.ed2pusd.partial
2014-11-02 16:07 - 2014-11-02 16:09 - 00000000 ____D () C:\Users\Russ_Sally\Documents\fixrecovery-win
2014-10-27 15:11 - 2014-10-27 15:11 - 00876585 _____ () C:\Users\Russ_Sally\Desktop\(7 unread) - sallyanne_knowles - Yahoo Mail.mht
2014-10-21 21:38 - 2014-10-21 21:38 - 00010966 _____ () C:\Users\Russ_Sally\Downloads\The_Walking_Dead_S05E01_HDTV_x264-KILLERS_mp4.torrent
2014-10-18 18:47 - 2014-10-18 18:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-18 18:47 - 2014-10-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-09 12:12 - 2014-10-09 12:12 - 00509070 _____ () C:\Users\Russ_Sally\Downloads\MBwwzaohotzw.rar
2014-10-08 12:28 - 2014-10-08 12:28 - 00001031 _____ () C:\Users\Russ_Sally\Downloads\x-men-days-of-future-past_english-975153.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-07 20:54 - 2009-07-14 04:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 20:54 - 2009-07-14 04:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 20:49 - 2009-07-14 05:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 20:48 - 2013-08-12 20:56 - 00000000 ___RD () C:\Users\Russ_Sally\Google Drive
2014-11-07 20:45 - 2012-07-07 18:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-07 20:44 - 2012-07-09 21:29 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-07 20:43 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 20:43 - 2009-07-14 04:51 - 00106805 _____ () C:\Windows\setupact.log
2014-11-06 22:37 - 2014-09-27 11:10 - 00000000 ____D () C:\Users\Russ_Sally\Documents\Calibre Library
2014-11-06 22:37 - 2011-03-09 23:28 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Roaming\Orbit
2014-11-06 22:37 - 2011-01-22 17:31 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Roaming\Azureus
2014-11-06 22:37 - 2009-07-14 05:10 - 01637489 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 22:28 - 2012-10-12 22:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 22:23 - 2013-05-31 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-06 22:23 - 2012-07-09 21:29 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 22:17 - 2012-07-09 21:32 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-06 22:16 - 2012-07-09 21:29 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-06 22:16 - 2012-07-09 21:29 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-03 20:20 - 2011-01-22 17:23 - 00000000 ____D () C:\Users\Russ_Sally\Documents\Russ Docs
2014-11-02 21:59 - 2011-01-22 18:22 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Roaming\vlc
2014-11-02 21:12 - 2011-01-22 16:22 - 00000000 ____D () C:\Users\Russ_Sally
2014-11-02 18:00 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-02 16:52 - 2011-03-18 19:04 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-02 16:51 - 2014-09-22 08:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-29 20:33 - 2014-07-16 20:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 20:32 - 2014-07-16 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 20:32 - 2014-07-16 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 20:32 - 2012-11-06 22:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 20:05 - 2014-08-09 16:53 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Roaming\Skype
2014-10-21 21:19 - 2014-06-30 21:32 - 00000000 ____D () C:\Program Files (x86)\Championship Manager 01-02
2014-10-18 18:47 - 2014-08-09 16:53 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-18 18:47 - 2014-08-09 16:53 - 00000000 ____D () C:\ProgramData\Skype
 
Files to move or delete:
====================
C:\Users\Russ_Sally\AppData\Roaming\settings.ini
 
 
Some content of TEMP:
====================
C:\Users\Russ_Sally\AppData\Local\Temp\down.4104.putfu.exe
C:\Users\Russ_Sally\AppData\Local\Temp\i4jdel0.exe
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess1466923605820185165.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess2272738192127961107.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess3444285789347259356.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess3628287895357209499.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess4793268141198843805.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess5803280339399387819.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess8133832584801265466.dll
C:\Users\Russ_Sally\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Russ_Sally\AppData\Local\Temp\System.Data.SQLite95936.dll
C:\Users\Russ_Sally\AppData\Local\Temp\Tsu812144C0.dll
C:\Users\Russ_Sally\AppData\Local\Temp\Wise_SETUP.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 11:41
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Russ_Sally at 2014-11-03 20:53:34
Running from C:\Users\Russ_Sally\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AnalogX Script Defender (HKLM-x32\...\AnalogX Script Defender) (Version:  - AnalogX)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.16 - Balsamiq SRL)
Balsamiq Mockups For Desktop (x32 Version: 2.2.16 - Balsamiq SRL) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{18681CFA-4FAF-47F7-B1AA-E7B5D02CA274}) (Version: 2.4.0 - Kovid Goyal)
Championship Manager 01-02 (HKLM-x32\...\Championship Manager 01-02) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CM3 Series SaveGame Editor 4.0 Build 4000 (HKLM-x32\...\CM3 Series SaveGame Editor_is1) (Version: 4.0 Build 4000 - Graeme Kelly)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.48 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.102 - Alps Electric)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Evernote v. 4.5.3 (HKLM-x32\...\{7BFD42CA-460A-11E1-AE58-984BE15F174E}) (Version: 4.5.3.6131 - Evernote Corp.)
FlashGet 3.7 (HKLM-x32\...\FlashGet 3.7) (Version: 3.7.0.1158 - http://www.FlashGet.com)
FM Genie Scout 13 version 1.0 beta 11 b338 (HKLM-x32\...\FM Genie Scout 13_is1) (Version: 1.0 beta 11 b338 - )
Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version:  - Sports Interactive)
Football Manager 2013 Editor (HKLM-x32\...\Steam App 220600) (Version:  - Sports Interactive)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
lookinglink (HKLM\...\lookinglink) (Version: 2014.01.25.024532 - lookinglink) <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 9.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 9.0.1 (x86 en-GB)) (Version: 9.0.1 - Mozilla)
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version:  - www.orbitdownloader.com)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Update for Office 2007 (KB934528) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPatrol (HKLM\...\{007811BF-E310-4285-BFC6-55DB29B3EDDE}) (Version: 19.3.2010.5 - BillP Studios)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-10-2014 11:48:18 Scheduled Checkpoint
02-11-2014 20:56:23 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2011-01-25 20:09 - 00623385 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
127.0.0.1  ads.active.com
127.0.0.1  am1.activemeter.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  ad2games.com
127.0.0.1  cms.ad2click.nl
127.0.0.1  ads.ad2games.com
127.0.0.1  content.ad20.net
127.0.0.1  core.ad20.net
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2F2F7766-CAC8-41BB-A4C4-7202C20C81A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6F43AD4A-232C-4AA1-B8DF-43E1613F2D1E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {73EB0100-5CC3-40A9-A5E8-F6BEAEE87623} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {8D3109D6-680B-41B4-819C-AE9646B3D835} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {90035D98-E855-4348-85C4-A3B92BE4A273} - System32\Tasks\{CEB73FCB-99D7-4265-816D-931F115576B9} => Iexplore.exe http://ui.skype.com/...#38;page=tsBing
Task: {98AE8742-16A4-4C75-AB01-513720811B08} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C53DB82A-9796-4FFE-B18D-A9E5924DDF6C} - System32\Tasks\D932M2K1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {C6E6965B-5A69-4ED5-A0CD-56D76088E997} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D4A0F1F2-B7AE-4F7C-9A42-E1209D3DF523} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-07] (AVAST Software)
Task: {F1AC362F-4E03-49C9-9378-DC7A5AF8DE19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-12-25 10:43 - 2009-07-17 01:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2009-12-25 10:43 - 2009-07-17 01:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2009-06-19 03:46 - 2009-06-19 03:46 - 00494064 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2013-02-21 17:31 - 2013-02-21 17:31 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\009f9ab4705eb4c48a2aeb5433dfb430\VistaBridgeLibrary.ni.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2335476601-2564019851-3319116419-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2335476601-2564019851-3319116419-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2335476601-2564019851-3319116419-1002 - Limited - Enabled)
Russ_Sally (S-1-5-21-2335476601-2564019851-3319116419-1001 - Administrator - Enabled) => C:\Users\Russ_Sally
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/02/2014 08:52:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (11/02/2014 08:52:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/02/2014 05:56:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.15.7.3, time stamp: 0x53d97094
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000374
Fault offset: 0x000ce903
Faulting process id: 0x8e8
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report Id: ApplePhotoStreams.exe3
 
Error: (11/02/2014 04:55:41 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
 
Error: (10/26/2014 11:44:41 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (10/26/2014 11:44:11 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/23/2014 09:54:33 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
 
Error: (10/21/2014 09:54:54 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
 
Error: (10/09/2014 11:29:28 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (10/09/2014 11:28:58 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (11/03/2014 08:01:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/03/2014 07:59:46 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]
 
Error: (11/03/2014 03:31:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/03/2014 03:29:05 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]
 
Error: (11/03/2014 11:47:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/03/2014 11:45:40 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]
 
Error: (11/03/2014 11:45:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:44:06 on ‎03/‎11/‎2014 was unexpected.
 
Error: (11/03/2014 11:37:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/03/2014 11:35:37 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]
 
Error: (11/02/2014 05:55:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 61%
Total physical RAM: 3032.36 MB
Available physical RAM: 1155.81 MB
Total Pagefile: 6062.86 MB
Available Pagefile: 3870.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:119.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 75349890)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello thedarkprince,

Please download ESET Poweliks Cleaner and save the file to your desktop.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the tool finds Poweliks, you will be prompted: Win32/Poweliks found in your system.
  • Press Y to continue the removal.
  • You should be notified that the tool successfully removed the threat from your system.
  • The tool will also produce a logfile on your desktop, named ESETPoweliksCleaner_Date.Time.
  • Please copy and paste the log into the thread back here and tell me whether the tool indicated that Poweliks was present and that it had successfully been removed.

Next

Open notepad.

Please copy the contents of the code box below.

To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\MountPoints2: {badbd9fd-0099-11e4-8e4d-a4badb950394} - E:\autorun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1060933
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {9E9F380F-7E44-4E13-98B0-BC0BD69AD470} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKCU - {C2D1EC2C-0A80-43C3-983B-2CE1457087B8} URL =
SearchScopes: HKCU - {F3706E41-47A6-4F64-B86E-7AC1C5AAFA6D} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File
FF Extension: Savee oN - C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\[email protected] [2014-09-12]
FF Extension: Yahoo! Toolbar - C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-10-12]
CHR Extension: (Savee oN) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp [2014-06-30]
C:\Users\Russ_Sally\AppData\Local\Temp\down.4104.putfu.exe
C:\Users\Russ_Sally\AppData\Local\Temp\i4jdel0.exe
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess1466923605820185165.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess2272738192127961107.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess3444285789347259356.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess3628287895357209499.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess4793268141198843805.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess5803280339399387819.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess8133832584801265466.dll
C:\Users\Russ_Sally\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Russ_Sally\AppData\Local\Temp\System.Data.SQLite95936.dll
C:\Users\Russ_Sally\AppData\Local\Temp\Tsu812144C0.dll
C:\Users\Russ_Sally\AppData\Local\Temp\Wise_SETUP.exe
EmptyTemp:

This Registry file is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

So when you return please post

  • ESET Poweliks log
  • Fixlog.txt

 



#6
thedarkprince

    Member

  • Topic Starter
  • Member
  • 129 posts

Done and done.

 

[2014.11.07 21:38:42.752] - Begin
[2014.11.07 21:38:42.752] - 
[2014.11.07 21:38:42.752] -     ....................................
[2014.11.07 21:38:42.752] -   ..::::::::::::::::::....................
[2014.11.07 21:38:42.752] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.07 21:38:42.752] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.07 21:38:42.767] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.07 21:38:42.767] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.07 21:38:42.767] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.07 21:38:42.767] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.07 21:38:42.767] -     ....................................
[2014.11.07 21:38:42.767] - 
[2014.11.07 21:38:42.767] - --------------------------------------------------------------------------------
[2014.11.07 21:38:42.767] - 
[2014.11.07 21:38:42.783] - INFO: OS: 6.1.7600 SP0
[2014.11.07 21:38:42.783] - INFO: Product Type: Workstation
[2014.11.07 21:38:42.783] - INFO: WoW64: True
[2014.11.07 21:38:42.783] - INFO: Machine guid: 9C94D549-AC91-4C84-AB06-AABFB1D83491 
[2014.11.07 21:38:42.783] - 
[2014.11.07 21:38:44.728] - INFO: Scanning for system infection...
[2014.11.07 21:38:44.728] - --------------------------------------------------------------------------------
[2014.11.07 21:38:44.728] - 
[2014.11.07 21:38:44.728] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 21:38:44.728] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 21:38:44.728] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 21:38:44.728] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 21:38:44.728] - INFO: Processing classes...
[2014.11.07 21:38:44.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{6D7F9B66-08E9-4B1D-8F4D-16E600006016}]
[2014.11.07 21:38:44.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[2014.11.07 21:38:44.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CA7ED0B0-3CD4-4254-A9D2-2D7F78C5E3C5}]
[2014.11.07 21:38:44.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.775] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.775] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.775] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.775] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.777] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.792] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.07 21:38:44.808] - INFO: Processing clsid [\Registry\User\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[2014.11.07 21:38:44.808] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 21:38:44.823] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 21:38:44.823] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 21:38:44.823] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 21:38:44.823] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 21:38:44.823] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 21:38:44.823] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 21:38:44.823] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 21:38:44.823] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 21:38:44.823] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.07 21:38:44.823] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 21:38:44.823] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 21:38:44.823] - INFO: Win32/Poweliks not found
[2014.11.07 21:39:31.495] - End
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Russ_Sally at 2014-11-07 21:41:32 Run:1
Running from C:\Users\Russ_Sally\Desktop
Loaded Profile: Russ_Sally (Available profiles: Russ_Sally & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\MountPoints2: {badbd9fd-0099-11e4-8e4d-a4badb950394} - E:\autorun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1060933
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {9E9F380F-7E44-4E13-98B0-BC0BD69AD470} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKCU - {C2D1EC2C-0A80-43C3-983B-2CE1457087B8} URL =
SearchScopes: HKCU - {F3706E41-47A6-4F64-B86E-7AC1C5AAFA6D} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File
FF Extension: Savee oN - C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\[email protected] [2014-09-12]
FF Extension: Yahoo! Toolbar - C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-10-12]
CHR Extension: (Savee oN) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp [2014-06-30]
C:\Users\Russ_Sally\AppData\Local\Temp\down.4104.putfu.exe
C:\Users\Russ_Sally\AppData\Local\Temp\i4jdel0.exe
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess1466923605820185165.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess2272738192127961107.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess3444285789347259356.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess3628287895357209499.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess4793268141198843805.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess5803280339399387819.dll
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess8133832584801265466.dll
C:\Users\Russ_Sally\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Russ_Sally\AppData\Local\Temp\System.Data.SQLite95936.dll
C:\Users\Russ_Sally\AppData\Local\Temp\Tsu812144C0.dll
C:\Users\Russ_Sally\AppData\Local\Temp\Wise_SETUP.exe
EmptyTemp:
*****************
 
"HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{badbd9fd-0099-11e4-8e4d-a4badb950394}" => Key deleted successfully.
"HKCR\CLSID\{badbd9fd-0099-11e4-8e4d-a4badb950394}" => Key not found.
"c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key Deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
"HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E9F380F-7E44-4E13-98B0-BC0BD69AD470}" => Key deleted successfully.
"HKCR\CLSID\{9E9F380F-7E44-4E13-98B0-BC0BD69AD470}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C2D1EC2C-0A80-43C3-983B-2CE1457087B8}" => Key deleted successfully.
"HKCR\CLSID\{C2D1EC2C-0A80-43C3-983B-2CE1457087B8}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F3706E41-47A6-4F64-B86E-7AC1C5AAFA6D}" => Key deleted successfully.
"HKCR\CLSID\{F3706E41-47A6-4F64-B86E-7AC1C5AAFA6D}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => value deleted successfully.
"HKCR\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} => value deleted successfully.
"HKCR\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}" => Key not found.
C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\[email protected] => Moved successfully.
C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\down.4104.putfu.exe => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess1466923605820185165.dll => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess2272738192127961107.dll => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess3444285789347259356.dll => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess3628287895357209499.dll => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess4793268141198843805.dll => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess5803280339399387819.dll => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\libProcessAccess8133832584801265466.dll => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\System.Data.SQLite95936.dll => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\Tsu812144C0.dll => Moved successfully.
C:\Users\Russ_Sally\AppData\Local\Temp\Wise_SETUP.exe => Moved successfully.
EmptyTemp: => Removed 2.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#7
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Well done :)

 

Now

 

Please download ADWCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

After that

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please post

  • AdwCleaner log
  • JRT.txt

 



#8
thedarkprince


    Member

  • Topic Starter
  • Member
  • 129 posts

First up the AdwCleaner report, followed by JRT.

 

 

# AdwCleaner v4.100 - Report created 08/11/2014 at 11:45:04
# DB v2014-11-07.1
# Updated 08/11/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Russ_Sally - RUSS_SALLY-PC
# Running from : C:\Users\Russ_Sally\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ea7db459713869cc
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\orbitdownloader
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Administrator\AppData\Roaming\GrabPro
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Russ_Sally\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Russ_Sally\AppData\Local\Conduit
Folder Deleted : C:\Users\Russ_Sally\AppData\Local\torch
Folder Deleted : C:\Users\Russ_Sally\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Russ_Sally\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Russ_Sally\AppData\Roaming\Browser Extensions
Folder Deleted : C:\Users\Russ_Sally\AppData\Roaming\DesktopIconForAmazon
Folder Deleted : C:\Users\Russ_Sally\AppData\Roaming\GrabPro
Folder Deleted : C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\[email protected]
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
Folder Deleted : C:\Users\Russ_Sally\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
File Deleted : C:\END
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5b6d6d1b03cef43
Key Deleted : HKLM\SOFTWARE\5b6d6d1b03cef43
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Orbit
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Browser Extensions
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Orbit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
 
-\\ Mozilla Firefox v9.0.1 (en-GB)
 
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.FirstTime", "true");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.FirstTimeFF3", "true");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.UserID", "UN16064416889424554");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.autoDisableScopes", -1);
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.defaultSearch", "false");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.enableAlerts", "false");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.firstTimeDialogOpened", "true");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.fixUrls", true);
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.installId", "ConduitNSISIntegration");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.installType", "ConduitNSISIntegration");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.isNewTabEnabled", true);
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.openThankYouPage", "false");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.openUninstallPage", "false");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.search.searchCount", "0");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358120157861");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_appTracking_lastUpdate", "1358120157818");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1358120157672");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358120158246");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.20.14_lastUpdate", "1358120157518");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1343590170575");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358120158306");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1358120157753");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1358120157443");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358120172964");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1358120157900");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1358120199670");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.settingsINI", true);
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.startPage", "false");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.toolbarBornServerTime", "29-7-2012");
[j3b7albc.default\prefs.js] - Line Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "14-1-2013");
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
[C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
-\\ Comodo Dragon v
 
[C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [11487 octets] - [08/11/2014 11:42:49]
AdwCleaner[S0].txt - [11713 octets] - [08/11/2014 11:45:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11774 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Home Premium x64
Ran by Russ_Sally on 08/11/2014 at 11:52:54.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Russ_Sally\AppData\Roaming\getrighttogo"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Russ_Sally\AppData\Roaming\mozilla\firefox\profiles\j3b7albc.default\smartbar
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/11/2014 at 12:00:26.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#9
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello again thedarkprince,

 

Making progress I think. :)

 

Now

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open notepad and paste in the clipboard list. Save it as ESET log somewhere that you can find.
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

 



#10
thedarkprince


    Member

  • Topic Starter
  • Member
  • 129 posts

Logfile from ESET below.

 

Chrome is no longer triggering Avast warnings but still got the original issue with IE - IE cannot display the webpage.

 

   
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngine.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Russ_Sally\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Russ_Sally\Documents\Downloads\Integrated_BrotherSoft_TB.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Russ_Sally\Downloads\genie13_setup_b337.exe Win32/DownWare.W potentially unwanted application deleted - quarantined
C:\Users\Russ_Sally\Downloads\genie13_setup_b338.exe Win32/DownWare.W potentially unwanted application deleted - quarantined
C:\Users\Russ_Sally\Downloads\orbit_Downloader.exe a variant of Win32/InstallCore.PZ potentially unwanted application deleted - quarantined



#11
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

 

IE cannot display the webpage.

 

Hmm... might be residual corruption.

 

Let's do this:

 

Use the System File Checker tool (SFC.exe) to check your system and replace files where necessary.

To do this, follow these steps:

  • To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
    sfc /scannow
    Please note that there is a single space between sfc and /scannow.

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

You should see the following on-screen messages:

Beginning the system scan. This process will take some time.

Beginning verification phase of system scan.

Verification % complete.

Once the scan has completed you will receive an onscreen message resembling one of the following:

…found no integrity violations

…found corruption but repaired it

…found corruption that it could not repair


Please reply with the completion message that you received.

 

 

After that

 

 

  • Please run Farbar Recovery Scan Tool again. Double click on FRST64 to open. Allow it to update if it wants to.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

 

 

 

So when you return please

Tell me how System File Checker went

Copy and paste FRST.txt back here



#12
thedarkprince


    Member

  • Topic Starter
  • Member
  • 129 posts

Sorry for the delay, been crazily busy for the past few days.  

 

The System File Checker found corrupt files but was unable to fix some of them.  I've tried to access the log file that was created but says I'm not permissioned to open it even though I have Administrator rights. Tried everything but nothing works. 

 

FRST file is below.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Russ_Sally (administrator) on RUSS_SALLY-PC on 14-11-2014 21:52:45
Running from C:\Users\Russ_Sally\Desktop
Loaded Profile: Russ_Sally (Available profiles: Russ_Sally & Administrator)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Azureus Software, Inc) C:\Program Files (x86)\Vuze\Azureus.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [329096 2010-11-17] (BillP Studios)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-19] ()
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [329096 2010-11-17] (BillP Studios)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-07] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2335476601-2564019851-3319116419-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Russ_Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Russ_Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:49549;https=127.0.0.1:49549
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bbc.co.uk/football
URLSearchHook: HKCU - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {C2D1EC2C-0A80-43C3-983B-2CE1457087B8} URL = 
SearchScopes: HKLM-x32 - {C2D1EC2C-0A80-43C3-983B-2CE1457087B8} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Russ_Sally\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2335476601-2564019851-3319116419-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: DownloadHelper - C:\Users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]
 
Chrome: 
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-30]
CHR Extension: (YouTube) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-21]
CHR Extension: (Google Search) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-21]
CHR Extension: (Google Wallet) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (Gmail) - C:\Users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-07] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-07] ()
R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2011-12-28] (microOLAP Technologies LTD)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-14 21:52 - 2014-11-14 21:52 - 00000000 ____D () C:\Users\Russ_Sally\Desktop\FRST-OlderVersion
2014-11-09 11:45 - 2014-11-09 11:45 - 00001115 _____ () C:\Users\Russ_Sally\Desktop\ESET.txt
2014-11-09 10:28 - 2014-11-09 10:29 - 00000000 ___HD () C:\Windows\AxInstSV
2014-11-08 12:00 - 2014-11-08 12:00 - 00000855 _____ () C:\Users\Russ_Sally\Desktop\JRT.txt
2014-11-08 11:52 - 2014-11-08 11:52 - 00000000 ____D () C:\Windows\ERUNT
2014-11-08 11:50 - 2014-11-08 11:50 - 01706939 _____ (Thisisu) C:\Users\Russ_Sally\Desktop\JRT.exe
2014-11-08 11:42 - 2014-11-08 11:45 - 00000000 ____D () C:\AdwCleaner
2014-11-08 11:41 - 2014-11-08 11:42 - 02145792 _____ () C:\Users\Russ_Sally\Desktop\AdwCleaner.exe
2014-11-07 21:38 - 2014-11-07 21:39 - 00243464 _____ () C:\Users\Russ_Sally\Desktop\ESETPoweliksCleaner.exe_20141107.213842.5600.log
2014-11-07 21:37 - 2014-11-07 21:37 - 00186568 _____ (ESET) C:\Users\Russ_Sally\Desktop\ESETPoweliksCleaner.exe
2014-11-06 22:16 - 2014-11-06 22:16 - 00880272 _____ (Google Inc.) C:\Users\Russ_Sally\Downloads\ChromeSetup.exe
2014-11-03 20:54 - 2014-11-14 21:52 - 00017957 _____ () C:\Users\Russ_Sally\Desktop\FRST.txt
2014-11-03 20:54 - 2014-11-03 20:54 - 00023131 _____ () C:\Users\Russ_Sally\Desktop\Addition.txt
2014-11-03 20:53 - 2014-11-03 20:54 - 00023131 _____ () C:\Users\Russ_Sally\Downloads\Addition.txt
2014-11-03 20:52 - 2014-11-03 20:54 - 00028438 _____ () C:\Users\Russ_Sally\Downloads\FRST.txt
2014-11-03 20:10 - 2014-11-14 21:52 - 02116608 _____ (Farbar) C:\Users\Russ_Sally\Desktop\FRST64.exe
2014-11-03 20:10 - 2014-11-14 21:52 - 00000000 ____D () C:\FRST
2014-11-03 11:50 - 2014-11-03 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Orbit
2014-11-03 11:50 - 2014-11-03 11:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProgSense
2014-11-02 16:53 - 2014-11-02 16:53 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-02 16:53 - 2014-11-02 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-02 16:52 - 2014-11-02 16:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-02 16:52 - 2014-11-02 16:53 - 00000000 ____D () C:\Program Files\iTunes
2014-11-02 16:52 - 2014-11-02 16:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-02 16:52 - 2014-11-02 16:52 - 00000000 ____D () C:\Program Files\iPod
2014-11-02 16:49 - 2014-11-02 16:49 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Local\Aiseesoft Studio
2014-11-02 16:47 - 2014-11-02 16:48 - 19598128 _____ (Aiseesoft Studio ) C:\Users\Russ_Sally\Downloads\ios-data-recovery.exe
2014-11-02 16:33 - 2014-11-02 16:35 - 00003896 _____ () C:\Users\Russ_Sally\Downloads\umbrella.log
2014-11-02 16:33 - 2014-11-02 16:34 - 00000000 ____D () C:\Users\Russ_Sally\.shsh
2014-11-02 16:33 - 2014-11-02 16:33 - 03618816 _____ () C:\Users\Russ_Sally\Downloads\tinyumbrella-7.12.00.exe
2014-11-02 16:33 - 2014-11-02 16:33 - 00000000 _____ () C:\Users\Russ_Sally\Downloads\tinyumbrella-7_12_00_exe.ed2pusd.partial
2014-11-02 16:07 - 2014-11-02 16:09 - 00000000 ____D () C:\Users\Russ_Sally\Documents\fixrecovery-win
2014-10-27 15:11 - 2014-10-27 15:11 - 00876585 _____ () C:\Users\Russ_Sally\Desktop\(7 unread) - sallyanne_knowles - Yahoo Mail.mht
2014-10-21 21:38 - 2014-10-21 21:38 - 00010966 _____ () C:\Users\Russ_Sally\Downloads\The_Walking_Dead_S05E01_HDTV_x264-KILLERS_mp4.torrent
2014-10-18 18:47 - 2014-10-18 18:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-18 18:47 - 2014-10-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-14 21:52 - 2011-01-22 17:31 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Roaming\Azureus
2014-11-14 21:28 - 2012-10-12 22:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-14 21:28 - 2012-10-12 22:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-14 21:28 - 2012-10-12 22:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 21:28 - 2011-06-23 21:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-14 21:21 - 2012-07-09 21:29 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 21:00 - 2011-01-22 18:22 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Roaming\vlc
2014-11-14 20:56 - 2011-01-22 17:29 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Roaming\FlashGetBHO
2014-11-14 20:54 - 2009-07-14 04:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 20:54 - 2009-07-14 04:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 20:48 - 2013-08-12 20:56 - 00000000 ___RD () C:\Users\Russ_Sally\Google Drive
2014-11-14 20:46 - 2012-07-07 18:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-14 20:45 - 2012-07-09 21:29 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 20:45 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 20:45 - 2009-07-14 04:51 - 00107421 _____ () C:\Windows\setupact.log
2014-11-14 08:49 - 2009-07-14 05:10 - 01776094 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 11:20 - 2009-07-14 05:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 11:45 - 2009-12-25 12:33 - 00792186 _____ () C:\Windows\PFRO.log
2014-11-07 21:47 - 2014-06-30 21:45 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-07 21:41 - 2009-07-14 03:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-07 21:23 - 2013-05-31 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-06 22:37 - 2014-09-27 11:10 - 00000000 ____D () C:\Users\Russ_Sally\Documents\Calibre Library
2014-11-06 22:37 - 2011-03-09 23:28 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Roaming\Orbit
2014-11-06 22:17 - 2012-07-09 21:32 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-06 22:16 - 2012-07-09 21:29 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-06 22:16 - 2012-07-09 21:29 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-03 20:20 - 2011-01-22 17:23 - 00000000 ____D () C:\Users\Russ_Sally\Documents\Russ Docs
2014-11-02 21:12 - 2011-01-22 16:22 - 00000000 ____D () C:\Users\Russ_Sally
2014-11-02 18:00 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-02 16:52 - 2011-03-18 19:04 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-02 16:51 - 2014-09-22 08:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-29 20:33 - 2014-07-16 20:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 20:32 - 2014-07-16 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 20:32 - 2014-07-16 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 20:32 - 2012-11-06 22:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 20:05 - 2014-08-09 16:53 - 00000000 ____D () C:\Users\Russ_Sally\AppData\Roaming\Skype
2014-10-21 21:19 - 2014-06-30 21:32 - 00000000 ____D () C:\Program Files (x86)\Championship Manager 01-02
2014-10-18 18:47 - 2014-08-09 16:53 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-18 18:47 - 2014-08-09 16:53 - 00000000 ____D () C:\ProgramData\Skype
 
Files to move or delete:
====================
C:\Users\Russ_Sally\AppData\Roaming\settings.ini
 
 
Some content of TEMP:
====================
C:\Users\Russ_Sally\AppData\Local\Temp\i4jdel0.exe
C:\Users\Russ_Sally\AppData\Local\Temp\Quarantine.exe
C:\Users\Russ_Sally\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-08 12:55
 
==================== End Of Log ============================

Edited by thedarkprince, 14 November 2014 - 03:58 PM.


#13
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

 

Sorry for the delay, been crazily busy for the past few days.

 

No problem, I have no immediate plans to go anywhere lol. :)

 

Turning to your computer.

 

I think there are three possibilities as to why you are still experiencing those problems:

1. the corruption one
2. something to do with your security, either the settings of IE, Winpatrol, or your firewall.
3. some malware we are not seeing

Let's pursue them in reverse order:

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
 

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods. This is normal; just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

 



#14
thedarkprince


    Member

  • Topic Starter
  • Member
  • 129 posts

Here you go...

 

ComboFix 14-11-15.01 - Russ_Sally 16/11/2014  21:39:07.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.44.1033.18.3032.1305 [GMT 0:00]
Running from: c:\users\Russ_Sally\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Adblocker
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\YgHl5PQ.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\YgHl5PQ.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\YgHl5PQ.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\_ctypes.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\_elementtree.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\_hashlib.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\_multiprocessing.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\_socket.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\_ssl.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\hashobjs_ext.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\pyexpat.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\pysqlite2._sqlite.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\python27.dll
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\pythoncom27.dll
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\PyWinTypes27.dll
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\select.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\unicodedata.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32api.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32com.shell.shell.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32crypt.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32event.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32file.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32gui.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32inet.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32pdh.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32pipe.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32process.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32profile.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32security.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\win32ts.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\windows._lib_cacheinvalidation.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wx._animate.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wx._controls_.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wx._core_.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wx._gdi_.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wx._html2.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wx._misc_.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wx._windows_.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wx._wizard.pyd
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wxbase294u_net_vc90.dll
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wxbase294u_vc90.dll
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wxmsw294u_adv_vc90.dll
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wxmsw294u_core_vc90.dll
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wxmsw294u_html_vc90.dll
c:\users\RUSS_S~1\AppData\Local\Temp\_MEI33362\wxmsw294u_webview_vc90.dll
c:\users\Russ_Sally\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\Russ_Sally\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\Russ_Sally\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\Russ_Sally\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\Russ_Sally\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\Russ_Sally\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\background.html
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\content.js
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\lsdb.js
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\manifest.json
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgjabnimkednonjoighaljjikpoipmkp\2.14\YgHl5PQ.js
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\background.html
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\ChXClGK.js
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\content.js
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\lsdb.js
c:\users\Russ_Sally\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\141\manifest.json
c:\users\Russ_Sally\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\_ctypes.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\_elementtree.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\_hashlib.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\_multiprocessing.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\_socket.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\_ssl.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\hashobjs_ext.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\pyexpat.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\pysqlite2._sqlite.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\python27.dll
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\pythoncom27.dll
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\PyWinTypes27.dll
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\select.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\unicodedata.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32api.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32com.shell.shell.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32crypt.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32event.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32file.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32gui.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32inet.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32pdh.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32pipe.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32process.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32profile.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32security.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\win32ts.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\windows._lib_cacheinvalidation.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wx._animate.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wx._controls_.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wx._core_.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wx._gdi_.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wx._html2.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wx._misc_.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wx._windows_.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wx._wizard.pyd
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wxbase294u_net_vc90.dll
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wxbase294u_vc90.dll
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wxmsw294u_adv_vc90.dll
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wxmsw294u_core_vc90.dll
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wxmsw294u_html_vc90.dll
c:\users\Russ_Sally\AppData\Local\Temp\_MEI33362\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-16 to 2014-11-16  )))))))))))))))))))))))))))))))
.
.
2014-11-09 10:28 . 2014-11-09 10:29 -------- d--h--w- c:\windows\AxInstSV
2014-11-08 11:52 . 2014-11-08 11:52 -------- d-----w- c:\windows\ERUNT
2014-11-08 11:42 . 2014-11-08 11:45 -------- d-----w- C:\AdwCleaner
2014-11-03 20:10 . 2014-11-14 21:54 -------- d-----w- C:\FRST
2014-11-03 11:50 . 2014-11-03 11:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\Orbit
2014-11-03 11:50 . 2014-11-03 11:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\ProgSense
2014-11-02 16:52 . 2014-11-02 16:52 -------- d-----w- c:\program files\iPod
2014-11-02 16:52 . 2014-11-02 16:53 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-02 16:52 . 2014-11-02 16:53 -------- d-----w- c:\program files\iTunes
2014-11-02 16:52 . 2014-11-02 16:53 -------- d-----w- c:\program files (x86)\iTunes
2014-11-02 16:49 . 2014-11-02 16:49 -------- d-----w- c:\users\Russ_Sally\AppData\Local\Aiseesoft Studio
2014-11-02 16:33 . 2014-11-02 16:34 -------- d-----w- c:\users\Russ_Sally\.shsh
2014-10-18 18:47 . 2014-10-18 18:47 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-10-18 18:47 . 2014-10-18 18:47 -------- d-----r- c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-14 21:28 . 2012-10-12 22:42 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-14 21:28 . 2011-06-23 21:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-29 20:33 . 2014-07-16 20:02 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-01 11:11 . 2014-07-16 20:02 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 11:11 . 2014-07-16 20:02 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 11:11 . 2011-01-24 18:21 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-07 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-04 1080104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-07 4085896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Russ_Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys;c:\windows\SYSNATIVE\Drivers\pssdk42.sys [x]
S1 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys;c:\windows\SYSNATIVE\Drivers\pssdklbf.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-16 19:10 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 21:28]
.
2014-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06 22:16]
.
2014-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06 22:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-07 07:59 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-17 329096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49549;https=127.0.0.1:49549
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all by FlashGet3 - c:\users\Russ_Sally\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Russ_Sally\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Russ_Sally\AppData\Roaming\Mozilla\Firefox\Profiles\j3b7albc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-MCODS
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2335476601-2564019851-3319116419-1001\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\Russ_Sally\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Users\\Russ_Sally\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\Russ_Sally\\Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Users\\Russ_Sally\\Documents\\Russ Docs\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files (x86)\\Sports Interactive\\Football Manager 2010\\data\\updates\\update-1030\\db\\1030\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Russ_Sally\\Documents\\Sports Interactive\\Football Manager 2010\\games\\STFC.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009f56
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000073
"UniqueID"="15-8280-E3BF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-2335476601-2564019851-3319116419-1001\Software\G*e*n*i*e*"!\FM Genie Scout 13]
"GameDir"="c:\\FM Genie Scout 13\\games"
"ShortlistDir"="c:\\FM Genie Scout 13\\shortlists"
"FMPath"="c:\\Program Files (x86)\\Steam\\steamapps\\common\\Football Manager 2013\\"
"ScreenshotsDir"="c:\\FM Genie Scout 13"
"SaveDir"="c:\\FM Genie Scout 13\\"
"HistoryDir"="c:\\FM Genie Scout 13\\History Points"
"LangDB"="c:\\Program Files (x86)\\Steam\\steamapps\\common\\Football Manager 2013\\data\\db\\1300\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a15b
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification2"=dword:00000000
"ShowQuickGuideNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:00000152
"UniqueID"="15-8280-E3BF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000006
"StaffSearchFeatureNum"=dword:00000001
"ClubSearchFeatureNum"=dword:00000002
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000000
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:0000000a
"GameLoadedCounter"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\01\17\16!&?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C2D1EC2C-0A80-43C3-983B-2CE1457087B8}]
@DACL=(02 0000)
"DisplayName"="Bing"
"ShowSearchSuggestions"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
**************************************************************************
.
Completion time: 2014-11-16  22:03:40 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-16 22:03
.
Pre-Run: 125,448,167,424 bytes free
Post-Run: 125,252,956,160 bytes free
.
- - End Of File - - 6F020AA40E6E2B9D945AABA64ED472E3

  • 0

#15
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello again thedarkprince,

 

Please download Malwarebytes' Anti-Malware from Here

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
  • If an update is found, it will download and install the latest updates automatically:
    MBAM2_zps52e3211b.png
  • Now select the Settings tab > Detection and Protection (left list) and ensure the box next to Scan for rootkits has a tick in it:
    MBAM3_zps83324155.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM4_zpse3cd4a79.png
  • The scan may take some time to finish, so please be patient.
    MBAM5_zps36d7537b.png
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.

     

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

 


  • 0





