computer freezes, black screens and then restarts for no apparent reas


#1
Ricky_22


GeekU Junior (Aura), on 14 Jan 2015 - 02:16 AM, said:

 

You have a lot of "dangerous" software installed. I refer to dangerous software that can harm your system due to the way they work or how they affect/modify it. Plus, I see that they are throwing a lot of errors in your Event Viewer. Therefore, I will ask you to uninstall the following software:

  • Uninstall Acrobat.com - Useless;
  • Uninstall Adobe AIR - Outdated. Security risk;
  • Uninstall Adobe Flash Player 15 ActiveX - Outdated. Security risk;
  • Uninstall Adobe Shockwave Player 11.5 - Outdated. Security risk;
  • Uninstall Ashampoo WinOptimizer 10 v.10.10 - Dangerous software, useless and not needed;
  • Uninstall Ashampoo WinOptimizer 11 - Dangerous software, useless and not needed;
  • Uninstall FLV Player 2.0 (build 25) - You have VLC media player, I don't know why FLV Player 2.0 would be needed;
  • Uninstall WinRAR 4.20 (32-bits) - Outdated.
  • Uninstall YouTube Downloader Toolbar v4.6 - Adware;

Disregard the instructions above, I'm leaving them here for a later purpose.

I see that you have a malicious program installed on your system, YouTube Download Toolbar v4.6, by Spigot. Seeing the programs you currently have installed, I wouldn't be surprised if you have more infections hidden on your system. Therefore, before assisting you with your issue, I'll ask you to get checked up by one of our Malware Removal Helpers in the Virus, Spyware, Malware Removal section. All you have to do is to follow the instructions listed in this thread in order to start the assistance procedure. Once the helper has declared you clean, if the issues are still present, you are free to come back here so I may assist you.

 

Aura had me do a MiniToolBox scan from BleepingComputer.com -

 

 

I'll be using my PC normally, browsing or e-mailing when suddenly the comp just freezes, blacks out and then restarts ... got me quite baffled

 

This happens maybe twice or thrice a day, quite randomly, and sometimes at the most inappropriate times, like halfway through writing an e-mail or replying to a forum post - even when I'm just reading or checking something .............

 

Ricky

 

*****

OTL logfile created on: 14/01/2015 3:19:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.65% Memory free
4.00 Gb Paging File | 1.93 Gb Available in Paging File | 48.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 694.76 Gb Free Space | 74.58% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/14 02:28:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2014/12/04 02:05:25 | 000,110,160 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/11/22 09:48:26 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/06/16 08:19:54 | 000,223,624 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
PRC - [2014/06/16 08:19:52 | 003,516,808 | ---- | M] (Ashampoo Development GmbH & Co. KG) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe
PRC - [2014/01/09 09:26:32 | 000,367,016 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
PRC - [2014/01/09 09:26:32 | 000,264,616 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
PRC - [2013/07/15 12:39:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2008/02/13 13:52:10 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/01/09 09:26:32 | 000,268,712 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
MOD - [2014/01/09 09:26:32 | 000,133,544 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
MOD - [2014/01/09 09:26:32 | 000,080,296 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
MOD - [2014/01/09 09:26:32 | 000,072,104 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
MOD - [2014/01/09 09:26:32 | 000,033,128 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
MOD - [2012/11/18 17:29:24 | 000,108,448 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll
MOD - [2009/05/11 16:24:06 | 000,168,960 | ---- | M] () -- C:\Program Files\MpcStar\Codecs\ratDVD\TRLDRP6.ax
MOD - [2009/03/04 18:38:38 | 002,625,536 | ---- | M] () -- C:\Program Files\MpcStar\Codecs\ffdshow\ffdshow.ax
MOD - [2007/12/21 18:01:46 | 000,139,264 | ---- | M] () -- C:\Windows\System32\RTCOM\RTLCPAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/12/10 23:24:17 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/22 09:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/06/16 08:19:54 | 000,223,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe -- (WO_LiveService2)
SRV - [2013/07/15 12:39:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/06 08:47:34 | 000,885,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe -- (WO_LiveService)
SRV - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/07/16 02:58:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/28 16:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007/11/26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Auto | Stopped] -- C:\Program Files\Ashampoo\Ashampoo UnInstaller 5\IFS32.sys -- (UI5IFS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - [2015/01/13 13:50:20 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{154459AD-EC37-4512-A923-F7EAEB8005EB}\MpKsl5e8e884c.sys -- (MpKsl5e8e884c)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/03/20 03:51:44 | 000,014,088 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner32.sys -- (LiveTuner2PM)
DRV - [2013/10/02 08:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/07/15 12:38:46 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2013/07/15 12:38:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2012/11/05 20:40:33 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/23 22:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/11/28 14:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2011/03/08 05:01:06 | 000,012,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor32.sys -- (LiveTunerPM)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 01:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/03 17:34:04 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/01 12:11:31 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/08/19 09:58:10 | 000,347,904 | ---- | M] (Compro Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\u2800vid.sys -- (U2800Vid)
DRV - [2009/07/14 06:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/25 04:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/23 18:29:32 | 000,060,768 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\2WirePCP.sys -- (2WIREPCP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...te={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...te={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...te={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...te={installDate}
IE - HKCU\..\SearchScopes,DefaultScope = {B157E6A5-6063-4608-85AB-AA683985F058}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B157E6A5-6063-4608-85AB-AA683985F058}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\..\SearchScopes\{E57E714C-9C9F-4C35-A2A9-78E24DF5945C}: "URL" = https://au.search.ya...&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0cffxtbr@Maps4PC_0c.com: C:\Program Files\Maps4PC_0c\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AmiExt\flashEnhancer\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/02/11 10:06:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/02/11 10:06:00 | 000,000,000 | ---D | M]
 
[2014/12/02 22:04:27 | 000,003,116 | ---- | M] () -- \searchplugins\bing.xml
[2010/02/01 19:30:48 | 000,002,038 | ---- | M] () -- \searchplugins\MyStart Search.xml
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Flash Saving = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd\242\
CHR - Extension: Motive Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.1_0\
CHR - Extension: Hola Better Internet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.4.431_0\
CHR - Extension: Shopping Helper = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof\1.1_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkgheilfbfelchagijdhnkimfpjgeep\2.0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RoboForm = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.9.2_0\
 
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Ashampoo WinOptimizer Live-Tuner2] C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [telstra_McciTrayApp] C:\Program Files\telstra\Toolkit\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hola.org ([]http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246842DE-797F-4BF9-9856-10622A84D292}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF11A9A5-305F-4BAA-B81A-A5817B67F463}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (dfboottime \??\C:\Windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/14 02:28:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2015/01/14 01:54:04 | 000,401,920 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\MiniToolBox.exe
[2015/01/10 21:14:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2015/01/10 00:27:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2015/01/10 00:21:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/01/10 00:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft OneDrive
[2015/01/10 00:16:38 | 000,000,000 | R--D | C] -- C:\Users\Owner\OneDrive
[2014/12/28 03:09:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Kromtech
[2014/12/28 03:09:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Zeoinsight
[2014/12/28 03:09:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ZBAnalyticsCore
[2014/12/28 03:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kromtech
[2014/12/19 13:26:44 | 005,317,104 | ---- | C] (Piriform Ltd) -- C:\Users\Owner\Desktop\ccsetup501.exe
[2014/10/20 15:09:09 | 016,254,368 | ---- | C] (Siber Systems) -- C:\Users\Owner\RoboForm-Setup-cnetc (2).exe
[2014/09/05 17:53:33 | 016,335,416 | ---- | C] (Siber Systems) -- C:\Users\Owner\RoboForm-Setup-cnetc.exe
[2010/03/14 09:57:48 | 002,942,176 | ---- | C] (Siber Systems) -- C:\Users\Owner\AiRoboForm-cnetc.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/14 03:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/14 02:28:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2015/01/14 02:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/14 01:54:10 | 000,401,920 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\MiniToolBox.exe
[2015/01/13 16:04:58 | 000,018,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/13 16:04:58 | 000,018,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/13 16:01:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/13 15:57:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/12 05:50:53 | 005,471,529 | ---- | M] () -- C:\Users\Owner\NASASpacescapes.themepack
[2015/01/12 05:39:52 | 011,278,409 | ---- | M] () -- C:\Users\Owner\Reflections.themepack
[2015/01/12 05:37:56 | 015,166,732 | ---- | M] () -- C:\Users\Owner\PanoramicAnimals (1).deskthemepack
[2015/01/12 05:36:56 | 015,166,732 | ---- | M] () -- C:\Users\Owner\PanoramicAnimals.deskthemepack
[2015/01/12 05:35:28 | 014,095,110 | ---- | M] () -- C:\Users\Owner\ButterfliesMayurKotlikar.themepack
[2015/01/12 05:34:01 | 015,166,726 | ---- | M] () -- C:\Users\Owner\IndianWildlifeMayurKotlikar.themepack
[2015/01/12 05:32:27 | 012,097,477 | ---- | M] () -- C:\Users\Owner\AfricanWildlife.themepack
[2015/01/12 05:29:45 | 005,410,226 | ---- | M] () -- C:\Users\Owner\EscapeHuynhNhuNguyenMinhTruc.themepack
[2015/01/03 10:03:52 | 000,001,241 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 15.lnk
[2014/12/29 19:50:06 | 000,001,340 | ---- | M] () -- C:\Users\Owner\Documents\cc_20141229_194957.reg
[2014/12/21 01:07:36 | 009,236,757 | ---- | M] () -- C:\Users\Owner\RavensAndCrows.themepack
[2014/12/19 13:27:40 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/19 13:27:17 | 005,317,104 | ---- | M] (Piriform Ltd) -- C:\Users\Owner\Desktop\ccsetup501.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/12 05:50:47 | 005,471,529 | ---- | C] () -- C:\Users\Owner\NASASpacescapes.themepack
[2015/01/12 05:39:42 | 011,278,409 | ---- | C] () -- C:\Users\Owner\Reflections.themepack
[2015/01/12 05:37:35 | 015,166,732 | ---- | C] () -- C:\Users\Owner\PanoramicAnimals (1).deskthemepack
[2015/01/12 05:36:38 | 015,166,732 | ---- | C] () -- C:\Users\Owner\PanoramicAnimals.deskthemepack
[2015/01/12 05:35:15 | 014,095,110 | ---- | C] () -- C:\Users\Owner\ButterfliesMayurKotlikar.themepack
[2015/01/12 05:33:41 | 015,166,726 | ---- | C] () -- C:\Users\Owner\IndianWildlifeMayurKotlikar.themepack
[2015/01/12 05:32:15 | 012,097,477 | ---- | C] () -- C:\Users\Owner\AfricanWildlife.themepack
[2015/01/12 05:29:37 | 005,410,226 | ---- | C] () -- C:\Users\Owner\EscapeHuynhNhuNguyenMinhTruc.themepack
[2015/01/10 00:26:03 | 000,001,221 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2015/01/10 00:16:36 | 000,002,174 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2015/01/03 10:03:52 | 000,001,241 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 15.lnk
[2014/12/29 19:49:59 | 000,001,340 | ---- | C] () -- C:\Users\Owner\Documents\cc_20141229_194957.reg
[2014/12/21 01:07:27 | 009,236,757 | ---- | C] () -- C:\Users\Owner\RavensAndCrows.themepack
[2014/12/02 22:03:15 | 000,004,648 | ---- | C] () -- C:\Windows\System32\LavasoftTcpService.ini
[2014/12/02 22:03:15 | 000,002,480 | ---- | C] () -- C:\Windows\System32\LavasoftTcpServiceOff.ini
[2014/11/09 19:24:23 | 000,000,165 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/10/20 18:57:27 | 000,081,408 | ---- | C] () -- C:\Windows\System32\dfboottime.exe
[2014/10/03 15:13:49 | 006,029,312 | ---- | C] () -- C:\Users\Owner\Photobucket.x86.msi
[2014/09/11 19:44:04 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/14 11:05:34 | 000,001,262 | ---- | C] () -- C:\Users\Owner\Ashampoo® UnInstaller 5.lnk
[2014/02/11 09:56:05 | 000,164,786 | ---- | C] () -- C:\Windows\hpoins13.dat
[2014/02/11 09:56:05 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2014/02/11 09:47:41 | 219,873,664 | ---- | C] () -- C:\Users\Owner\PS_AIO_C4200_NonNet_Full_Win_WW_130_140.exe
[2013/04/01 19:07:05 | 000,026,108 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2011/07/14 09:42:22 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Internet - Shortcut.lnk
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 09:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/11/01 09:25:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2015/01/03 10:16:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2015/01/10 12:45:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2014/02/18 17:21:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CD-LabelPrint
[2013/02/11 20:04:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easy Thumbnails
[2012/07/09 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Go PDF Reader
[2011/07/16 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2014/12/02 21:55:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
[2013/08/03 11:59:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RoboForm
[2013/07/13 11:55:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SumatraPDF
[2014/12/26 07:16:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TigerPlayer
[2015/01/10 21:14:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:BF3D62E7

< End of report >

 

There is also this "OTL Extras txt":

 

OTL Extras logfile created on: 14/01/2015 3:19:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.65% Memory free
4.00 Gb Paging File | 1.93 Gb Available in Paging File | 48.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 694.76 Gb Free Space | 74.58% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = CHM] -- C:\Program Files\Go PDF Reader\GoPDFReader.exe (Download Manager Ltd.)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032F8443-A3F9-401F-BBAE-338E20F842D5}" = lport=138 | protocol=17 | dir=in | app=system |
"{04B3EB28-11B7-4215-BB5E-D39588C89659}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F356C19-83A1-419E-A9E4-0517CC6F88F5}" = lport=8744 | protocol=6 | dir=in | name=bitcomet 8744 tcp |
"{187290ED-E10A-4167-BFAF-D734D713388E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C6936AC-4565-4A67-AA66-5346F7BADA0C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{33D59C28-6226-4071-9E97-0D2633FFB3A6}" = lport=15081 | protocol=6 | dir=in | name=bitcomet 15081 tcp |
"{350B020C-8910-4F57-B51E-2E582F3EB0A1}" = rport=139 | protocol=6 | dir=out | app=system |
"{3897C1BE-1643-4A4F-ACED-B93F77ADA0E6}" = lport=8744 | protocol=17 | dir=in | name=bitcomet 8744 udp |
"{3947569E-68A8-4868-8D4D-B5964C378125}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4538C2A6-D881-47CD-863D-75A5B96F82BA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{45E1AF92-C1A2-4E34-A305-882F1518B390}" = lport=19898 | protocol=17 | dir=in | name=bitcomet 19898 udp |
"{48B3C855-37D0-4836-9B83-261DDA88FBDD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B6380A4-752A-44D3-A1F0-73CE7DC6EF01}" = lport=139 | protocol=6 | dir=in | app=system |
"{50230824-DB16-4B71-A099-6BEB8F2EC5BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{522A0B4B-A323-44FE-84CC-52AF9F591779}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{5BD865F1-0C01-48A3-A9DA-89DE0A038B45}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FA6DECE-C167-4A53-A0A8-DE68725BCBB2}" = lport=19898 | protocol=6 | dir=in | name=bitcomet 19898 tcp |
"{62073BA1-0C00-4122-9D03-ABF0B54D7A5F}" = lport=15081 | protocol=17 | dir=in | name=bitcomet 15081 udp |
"{63D75030-22BA-4491-99E6-9F79E065111F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{72059D5C-C5BA-4915-98DB-71C9481541D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8086BBD2-5AF8-408A-8BF9-2EA0BBA6C355}" = rport=138 | protocol=17 | dir=out | app=system |
"{8637308F-40C9-4940-93C7-9FC700B57751}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95EF5F9C-CEE0-45FB-8C75-9BFC2BD42257}" = lport=15081 | protocol=6 | dir=in | name=bitcomet 15081 tcp |
"{9E350EBE-8C71-4260-B465-8AA7B1C1BE54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A17124E6-E733-4503-A5F3-D4ED57512D39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ABF1C57A-63CA-4E07-9C94-A5C3758A5F28}" = lport=15081 | protocol=17 | dir=in | name=bitcomet 15081 udp |
"{B5F73457-84E8-4D78-8C8F-8B760D5D33EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA839CBD-CCA5-4D88-88A5-B37F2A23F7E6}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4910CAD-785A-4ED9-ACD4-E995870D7454}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC828AFD-259E-40D6-AB95-2C12DBB439BD}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3816C70-F398-48BA-815C-371898CB4C22}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E7A0A12C-C6BC-45A3-8E4E-8956061C3832}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6820251-A8B4-4AF7-BA8A-0183B475E4EC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F96BA2C1-2392-4B13-A70B-F918F25E4C14}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0637203B-E62C-41A2-AA3E-7987EAF80FB6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{0896178B-56A9-4508-A6A6-3D4A5F16A3A9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{0C5A958B-BE6D-4964-982F-AC614A2B8E9A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{0EDB084D-D4E7-4F43-B034-EC86A9CE793B}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{17D1F40E-033E-402B-B3F1-3FC173961749}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{183EF8A5-AE32-4707-8D74-78039396C39C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{29088191-EDB6-4A4C-9FEF-84407AFD63CF}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{33912DE8-4960-4B5F-A617-AF95A2F1B025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39A39D3E-BB3A-4704-8BC4-9841961AC735}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{3DEBBB95-067F-48C7-8FF4-D022BEA89FDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40F158CC-0EF8-458B-A35A-0D608D03F2D0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4372EBAF-776F-4A75-93C3-02F3EC8D99D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53E1C420-7FCD-4030-9C7C-B1D02F076A3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62929EB5-C1BA-4DF7-B83B-8937E983A7DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62E2A266-8AC5-4D83-B49F-206890866B30}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{643E3C36-F5CE-443F-B3A4-58117513B92A}" = protocol=58 | dir=in | [email protected],-28545 |
"{6D234E15-8929-40DE-8399-C619C5898E1B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{762F14D4-5324-4549-8326-17DCEE6ED3D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{77A596CD-8690-4CA8-B66C-BF42EB32E05F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79EC946D-3858-44EE-8C12-DFFAE8FD9804}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{89BB5383-4343-4508-8B93-7370167C9D71}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{8AE2A909-3E45-4EF8-B371-EA64E3E5E841}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8D41071B-0DDB-44C1-A573-D160729857E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{90019F24-C9B5-4388-9651-3C5E87EF00A4}" = protocol=6 | dir=out | app=system |
"{933C9B84-A0A4-4675-9B8F-4B9C601989C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9655FCD9-15BF-47EE-BE4A-16FBE795E5EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{99480236-FD3F-4E9D-83D2-8EDC417EFEDE}" = protocol=58 | dir=out | [email protected],-28546 |
"{9A05E165-EE2F-4FCE-9193-B8617DBB414D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A756FEA1-C7B8-4AFC-885F-F1BE5C75B703}" = protocol=1 | dir=in | [email protected],-28543 |
"{A770B7CF-51DA-471C-A8A6-4FBB84C7E3BA}" = dir=in | app=c:\users\owner\appdata\local\microsoft\skydrive\skydrive.exe |
"{AD5F7EFD-4D77-4E27-86CD-FCF2BBA11CAA}" = protocol=1 | dir=out | [email protected],-28544 |
"{AE329D1F-A6CB-45A2-8BEB-5A1339A9C6B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF14C0A4-A173-4572-B7A7-ED4EF2447CE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF3C52FD-F40F-4A86-BDC9-A8EDB38D5E74}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{B53D8490-4C77-456D-9F1D-AD97DD78C729}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{BD3458B6-672C-4002-BB12-FC98D0D78671}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{BFD1A195-22BF-4B0B-B661-E27FD70117B7}" = protocol=17 | dir=in | app=c:\program files\adobe\acrobat 4.0\reader\acrord32.exe |
"{E0A8F54E-508A-469B-BE29-478C15E17A77}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{E15484A7-82CB-4546-B8EF-B75198EA50AE}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EE573F82-ACA4-43DE-907E-1DC0D4C20E9A}" = protocol=6 | dir=in | app=c:\program files\adobe\acrobat 4.0\reader\acrord32.exe |
"{F84EAB40-F425-4BBB-A7AF-CFE528D1A1F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F8A50858-58BE-4223-9968-187E3469AD59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"TCP Query User{294FD7B7-0BF1-4804-9B8C-44AC4E0A5450}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{38B99604-D6CB-4B7D-99A4-51542332812F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5ADFBF5B-904C-4D44-BAFD-F1D8CC81C7E1}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{D25C8134-6F41-414D-8BAB-CD7497916758}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0556D590-2A24-4CE5-A64E-46E99F078885}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{137FBEB4-7013-479D-80C2-F46CB1BA5A5F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7304F280-1C2D-4070-851B-815A502D31A9}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{8CA4C3C3-C36E-4A9A-BC14-43C54916470B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series" = Canon MG2500 series MP Drivers
"{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{27C0CED3-E9FA-4EA0-96AA-FAECE5F81033}" = Nero 7 Essentials
"{286DDBD0-6355-428F-8BD5-822CF08606EC}" = Windows Live MIME IFilter
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1" = Ashampoo WinOptimizer 10 v.10.1.0
"{4209F371-8D72-8119-66FA-897D2D41E27F}_is1" = Ashampoo WinOptimizer 11
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}" = YouTube Downloader Toolbar v4.6
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1" = Ashampoo Burning Studio 15 v.15.0.2
"{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1" = Ashampoo Burning Studio 14
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}" = Windows Live Family Safety
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DA427272-904E-4EC2-BCC8-07B39B8EFA78}" = PC DVR-4-Net
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9C62746-BB57-48B2-853D-38DE983A703C}" = IncrediMail
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = RoboForm 7-9-11-5 (All Users)
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.6.0
"Any Video Converter_is1" = Any Video Converter 5.7.3
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.09
"BitComet" = BitComet 1.35
"Canon MG2500 series On-screen Manual" = Canon MG2500 series On-screen Manual
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"E2D312050E630E0CB2650D738A53820EE8BB1A95" = Windows Driver Package - 2Wire (2WIREPCP) Net  (03/22/2007 2.0)
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FLV Player" = FLV Player 2.0 (build 25)
"Google Chrome" = Google Chrome
"GoPDFReader" = Go PDF Reader
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"IncrediMail" = IncrediMail 2.0
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Security Client" = Microsoft Security Essentials
"MpcStar" = MpcStar 5.3
"Speccy" = Speccy
"SumatraPDF" = SumatraPDF
"telstra" = My Online Toolkit
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/01/2015 2:49:01 PM | Computer Name = Owner-PC | Source = ESENT | ID = 455
Description = taskhost (2912) WebCacheLocal: Error -1811 occurred while opening
logfile C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V0101D91.log.
 
Error - 12/01/2015 3:14:09 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
 7\InCD\InCDgui.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
 7\InCD\InCDgui.dll" on line 2.  Invalid Xml syntax.
 
Error - 12/01/2015 3:14:09 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
 7\InCD\InCDUP.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
 7\InCD\InCDUP.dll" on line 2.  Invalid Xml syntax.
 
Error - 12/01/2015 3:14:09 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
 7\InCD\InCDshx.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
 7\InCD\InCDshx.dll" on line 2.  Invalid Xml syntax.
 
Error - 12/01/2015 3:14:09 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
 7\InCD\NBHStr.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
 7\InCD\NBHStr.dll" on line 2.  Invalid Xml syntax.
 
Error - 13/01/2015 3:58:56 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13/01/2015 11:54:24 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
 7\InCD\InCDgui.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
 7\InCD\InCDgui.dll" on line 2.  Invalid Xml syntax.
 
Error - 13/01/2015 11:54:24 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
 7\InCD\InCDUP.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
 7\InCD\InCDUP.dll" on line 2.  Invalid Xml syntax.
 
Error - 13/01/2015 11:54:24 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
 7\InCD\InCDshx.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
 7\InCD\InCDshx.dll" on line 2.  Invalid Xml syntax.
 
Error - 13/01/2015 11:54:24 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
 7\InCD\NBHStr.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
 7\InCD\NBHStr.dll" on line 2.  Invalid Xml syntax.
 
[ Media Center Events ]
Error - 2/02/2010 3:57:34 AM | Computer Name = Owner-PC | Source = ehRecvr | ID = 4
Description = Media Center is unable to communicate with the TV tuner . See ErrorCode
 0x8007064a for more information.
 
Error - 2/02/2010 3:57:34 AM | Computer Name = Owner-PC | Source = ehRecvr | ID = 4
Description = Media Center is unable to communicate with the TV tuner . See ErrorCode
 0x8007064a for more information.
 
Error - 2/02/2010 3:57:37 AM | Computer Name = Owner-PC | Source = ehRecvr | ID = 4
Description = Media Center is unable to communicate with the TV tuner PCDVR3101_3104
 Tuner. See ErrorCode 0x80004005 for more information.
 
[ System Events ]
Error - 12/01/2015 2:46:42 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Ashampoo Uninstaller 5 FileSystemChanges Driver service failed
 to start due to the following error:   %%3
 
Error - 12/01/2015 2:47:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   sptd
 
Error - 12/01/2015 10:37:29 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
 power transition.  Please check for updated firmware for your system.
 
Error - 13/01/2015 3:57:00 AM | Computer Name = Owner-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
 
Error - 13/01/2015 3:57:09 AM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 13/01/2015 3:57:09 AM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 13/01/2015 3:57:25 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:55:30 PM on 1/13/2015 was unexpected.
 
Error - 13/01/2015 3:57:14 AM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 13/01/2015 3:57:19 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Ashampoo Uninstaller 5 FileSystemChanges Driver service failed
 to start due to the following error:   %%3
 
Error - 13/01/2015 3:57:53 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   sptd
 
 
< End of report >
 

 

 

 

Thank you so much for your time

 

 

 

Ricky


Edited by Ricky_22, 13 January 2015 - 08:48 PM.



#2
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, and sometimes real life gets in the way, so please be patient.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Paste the logs in your posts; attachments make my work harder and more complicated.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


I believe there are more issues here than are visible currently. Probably you'll have to upgrade firmware and follow it up with a clean Windows install. I'll take down what I see and ask a colleague to consult some of those.


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    iedefaults;
    {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9};c
    firefoxlook;
    chromelook;
    autoclean;
    C:\Program Files\Babylon;fs
    emptyclsid;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the logfile will be opened after it. You may also find it on your main drive (usually the C:\ drive).
Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


Please include their content in your next reply.


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
#3
Ricky_22

    Member

  • Topic Starter
  • Member
  • 349 posts

:wave:  Thank you very much for your time Naat.
 
Zoek.exe v5.0.0.0 Updated 13-01-2015
Tool run by Owner on Wed 14/01/2015 at 15:48:29.48.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
14/01/2015 3:51:31 PM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\Program Files\AmiExt deleted successfully
C:\Program Files\DriverUpdate deleted successfully
C:\Program Files\FLV_Runner deleted successfully
C:\Program Files\MALWAREBYTES ANTI-MALWARE deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\SUPERAntiSpyware deleted successfully
C:\Program Files\YoutubeAdBlocke deleted successfully
C:\Program Files\Common Files\Apple deleted successfully
C:\PROGRA~2\boost_interprocess deleted successfully
C:\PROGRA~2\YoutubeAdBlocke deleted successfully
C:\Users\Owner\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Owner\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Owner\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Owner\AppData\Local\CrashDumps deleted successfully
C:\Users\Owner\AppData\Local\PackageAware deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E57E714C-9C9F-4C35-A2A9-78E24DF5945C} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15F149F6-F6C6-41C6-8BE-C1C9897AE5} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A0BE1A1-32F9-4CA6-A6C0-DCB95840DFFD} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{288894FF-9C68-4D26-A814-51D1F52E2C21} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37A200D6-311E-47A7-BE82-521CF9C13E32} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40864D6E-712F-47DD-A750-389CF53C8C73} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65C422FF-45D9-4A38-BE2-3CCECFC4575} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AA1EC7D-85E6-42E5-89F3-18E751CD2147} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D2FDA79-2AE1-43B2-92C1-80EF4C15DBD8} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77D9B4D4-690B-4115-A833-B8F9146455A4} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98562CAB-E545-4A91-8EBD-1CB7E2C85020} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E9490F3-CF83-451A-ABBA-B04B88948C4E} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB4FA293-568D-4081-9B7B-4884AACBBCAE} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B87317DB-5F36-457F-BD99-8B4262E1EEA4} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C160A7CA-F231-4DA5-ADB6-F3B69DB4C4} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9F4E55B-1C6-4C23-8021-58D99937CE5} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA1391F5-A757-4751-A5D5-804C8D7E52FB} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9E7EA9E-281D-4886-8A6-2239E834CEB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} deleted successfully
HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\0cffxtbr@Maps4PC_0c.com deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\[email protected] deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\[email protected] deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater13.2.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater13.2.0 deleted successfully
==== Deleting Files \ Folders ======================
C:\Program Files\Babylon not found
C:\PROGRA~2\23405448 deleted
C:\Users\Owner\AppData\Local\SwvUpdater deleted
C:\Program Files\Photo Notifier and Animation Creator deleted
C:\Program Files\RegGenie deleted
C:\Program Files\Yahoo! deleted
C:\Program Files\IB Updater deleted
C:\Program Files\globalUpdate deleted
C:\Program Files\Common Files\AVG Secure Search deleted
C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\prefs.js deleted
C:\found.000 deleted
C:\Users\Owner\AppData\Roaming\OpenCandy deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\Yahoo! Companion deleted
C:\PROGRA~2\FreeWorldApp deleted
C:\PROGRA~2\Kromtech deleted
C:\PROGRA~2\Uniblue\DriverScanner deleted
C:\PROGRA~2\YTD Video Downloader deleted
C:\PROGRA~2\Uniblue deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Owner\AppData\Local\Kromtech deleted
C:\Users\Owner\AppData\Local\globalUpdate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader deleted
C:\Users\Owner\AppData\LocalLow\AVGTOOLBAR deleted
C:\Users\Owner\AppData\LocalLow\Yahoo! deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\Reimage.ini deleted
C:\Windows\system32\Tasks\LaunchSignup deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted
C:\Users\Owner\AiRoboForm-cnetc.exe deleted
C:\Users\Owner\PS_AIO_C4200_NonNet_Full_Win_WW_130_140.exe deleted
C:\Users\Owner\RoboForm-Setup-cnetc (2).exe deleted
C:\Users\Owner\RoboForm-Setup-cnetc.exe deleted
"C:\PROGRA~2\e800f8586a510d8a\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20141111000821" deleted
"C:\PROGRA~2\e800f8586a510d8a\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20141120112408" deleted
"C:\PROGRA~2\e800f8586a510d8a\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20141111000834" deleted
"C:\PROGRA~2\e800f8586a510d8a\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141111000732" deleted
"C:\PROGRA~2\e800f8586a510d8a" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11/02/2014 10:06 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11/02/2014 10:06 AM]
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Guest\AppData\Local\Torch deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Owner\AppData\Local\Torch deleted
Fake profile C:\Users\Owner\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Owner\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Owner\AppData\Local\Chromatic Browser deleted
==== Chromium Look ======================
Google Chrome Version: 38.0.2125.111 (Possible outdated, latest Stable version: 39.0.2171.99)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edmgmpmklgfbohogafcfobonnkogchec - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx[10/10/2013 11:20 AM]
pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[04/12/2014 02:05 AM]
Google Docs - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Flash Saving - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd
Motive Extension - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
Hola Better Internet - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Shopping Helper - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof
Google Wallet - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GoSave - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkgheilfbfelchagijdhnkimfpjgeep
Gmail - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
RoboForm - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob
==== Chromium Fix ======================
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlcphjankhppgohedpkjonpadimhaoof deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlbemabjbfhjcccahjioenmkgimjbbkd_0.localstorage deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkgheilfbfelchagijdhnkimfpjgeep deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com.au/"
"Search Page"="http://feed.snapdo.c...te={installDate}"
"Search Bar"="http://feed.snapdo.c...te={installDate}"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snapdo.c...te={installDate}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.c...te={installDate}"
"SearchAssistant"="http://feed.snapdo.c...te={installDate}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft....k/?LinkId=54896"
"Search Bar"="http://go.microsoft....k/?LinkId=54896"
"Start Page"="http://google.com.au/"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft....k/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn...st/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{B157E6A5-6063-4608-85AB-AA683985F058}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...&q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...g}&sourceid=ie7"
{B157E6A5-6063-4608-85AB-AA683985F058} Google  Url="https://www.google.c...?q={searchTerms}"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_NT deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully
==== Empty IE Cache ======================
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=196 folders=73 280372088 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Owner\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Owner\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Wed 14/01/2015 at 16:05:40.15 ======================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Owner (administrator) on OWNER-PC on 14-01-2015 16:13:57
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Ashampoo Development GmbH & Co. KG) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4915200 2008-02-13] (Realtek Semiconductor)
HKLM\...\Run: [telstra_McciTrayApp] => C:\Program Files\telstra\Toolkit\pcTrayApp.exe [1992192 2013-07-15] (Alcatel-Lucent)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516808 2014-06-16] (Ashampoo Development GmbH & Co. KG)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-04] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: dfboottime \??\C:\Windows\System32\dfboottime.cfgautocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> DefaultScope {B157E6A5-6063-4608-85AB-AA683985F058} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {B157E6A5-6063-4608-85AB-AA683985F058} URL = https://www.google.c...?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Maps4PC_0c.com/Plugin -> C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKU\S-1-5-21-754179056-1382982999-2036298953-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-11]
FF HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (Motive Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-06-26]
CHR Extension: (Hola Better Internet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR Extension: (RoboForm) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-07-24]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-10]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-07-15] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
S3 WO_LiveService; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-03-06] ()
R2 WO_LiveService2; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223624 2014-06-16] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [60768 2007-03-23] (2Wire, Inc.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [26984 2012-11-05] (AVG Technologies)
S3 gdrv; C:\Windows\gdrv.sys [16608 2010-02-01] (Windows ® 2000 DDK provider)
S4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG)
R2 LiveTuner2PM; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner32.sys [14088 2014-03-20] ()
R2 LiveTunerPM; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor32.sys [12696 2011-03-08] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2013-07-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2013-07-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2010-02-03] (Duplex Secure Ltd.)
S3 U2800Vid; C:\Windows\System32\DRIVERS\U2800Vid.sys [347904 2009-08-19] (Compro Technology, Inc.)
S3 cpuz134; \??\C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U3 DfSdkS; No ImagePath
R1 MpKsl46e192bc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{164A6549-EF70-4AE4-8082-A5E0057C8640}\MpKsl46e192bc.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S2 UI5IFS; \??\C:\Program Files\Ashampoo\Ashampoo UnInstaller 5\IFS32.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 16:13 - 2015-01-14 16:14 - 00016281 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-01-14 16:13 - 2015-01-14 16:14 - 00000000 ____D () C:\FRST
2015-01-14 16:12 - 2015-01-14 16:13 - 01115648 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-01-14 16:04 - 2015-01-14 16:04 - 00000328 _____ () C:\Windows\PFRO.log
2015-01-14 16:02 - 2015-01-14 15:48 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-14 15:50 - 2015-01-14 16:05 - 00018827 _____ () C:\zoek-results.log
2015-01-14 15:48 - 2015-01-14 16:01 - 00000000 ____D () C:\zoek_backup
2015-01-14 15:47 - 2015-01-14 15:47 - 01295360 _____ () C:\Users\Owner\Downloads\zoek.exe
2015-01-14 02:35 - 2015-01-14 03:23 - 00059268 _____ () C:\Users\Owner\Desktop\Extras.Txt
2015-01-14 02:34 - 2015-01-14 03:22 - 00074628 _____ () C:\Users\Owner\Desktop\OTL.Txt
2015-01-14 02:28 - 2015-01-14 02:28 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2015-01-14 01:54 - 2015-01-14 01:54 - 00401920 _____ (Farbar) C:\Users\Owner\Desktop\MiniToolBox.exe
2015-01-14 01:54 - 2015-01-14 01:54 - 00017870 _____ () C:\Users\Owner\Desktop\Result.txt
2015-01-13 02:46 - 2015-01-14 16:05 - 00095712 _____ () C:\Windows\setupact.log
2015-01-13 02:46 - 2015-01-13 02:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 05:50 - 2015-01-12 05:50 - 05471529 _____ () C:\Users\Owner\NASASpacescapes.themepack
2015-01-12 05:39 - 2015-01-12 05:39 - 11278409 _____ () C:\Users\Owner\Reflections.themepack
2015-01-12 05:37 - 2015-01-12 05:37 - 15166732 _____ () C:\Users\Owner\PanoramicAnimals (1).deskthemepack
2015-01-12 05:36 - 2015-01-12 05:36 - 15166732 _____ () C:\Users\Owner\PanoramicAnimals.deskthemepack
2015-01-12 05:35 - 2015-01-12 05:35 - 14095110 _____ () C:\Users\Owner\ButterfliesMayurKotlikar.themepack
2015-01-12 05:33 - 2015-01-12 05:34 - 15166726 _____ () C:\Users\Owner\IndianWildlifeMayurKotlikar.themepack
2015-01-12 05:32 - 2015-01-12 05:32 - 12097477 _____ () C:\Users\Owner\AfricanWildlife.themepack
2015-01-12 05:29 - 2015-01-12 05:29 - 05410226 _____ () C:\Users\Owner\EscapeHuynhNhuNguyenMinhTruc.themepack
2015-01-10 00:26 - 2015-01-10 00:26 - 00001221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002174 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002032 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002032 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00000000 ___RD () C:\Users\Owner\OneDrive
2015-01-10 00:16 - 2015-01-10 00:16 - 00000000 ____D () C:\Program Files\Microsoft OneDrive
2015-01-03 10:03 - 2015-01-03 10:03 - 00001241 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio 15.lnk
2015-01-03 03:22 - 2015-01-03 04:11 - 1012584833 _____ () C:\Users\Owner\Downloads\Billy Elliot Live (2014) DVDRip x264-pong.mp4
2014-12-29 19:49 - 2014-12-29 19:50 - 00001340 _____ () C:\Users\Owner\Documents\cc_20141229_194957.reg
2014-12-28 03:09 - 2014-12-28 03:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Zeoinsight
2014-12-28 03:09 - 2014-12-28 03:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\ZBAnalyticsCore
2014-12-21 20:54 - 2014-12-21 20:54 - 00000013 _____ () C:\Users\Owner\Documents\Family.txt
2014-12-21 01:07 - 2014-12-21 01:07 - 09236757 _____ () C:\Users\Owner\RavensAndCrows.themepack
2014-12-19 13:26 - 2014-12-19 13:27 - 05317104 _____ (Piriform Ltd) C:\Users\Owner\Desktop\ccsetup501.exe
2014-12-18 18:42 - 2014-12-18 18:57 - 00001390 _____ () C:\Users\Owner\Documents\Idol forums post.txt
2014-12-18 14:05 - 2014-12-13 11:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 16:12 - 2011-07-16 00:44 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 16:12 - 2011-07-16 00:44 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 16:11 - 2014-03-16 15:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 16:09 - 2014-07-16 07:39 - 01144681 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 16:05 - 2014-03-16 15:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 16:05 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2015-01-14 16:00 - 2011-07-16 00:48 - 00000000 ____D () C:\Users\Owner
2015-01-14 16:00 - 2010-02-03 01:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-01-14 16:00 - 2006-11-02 19:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-14 15:47 - 2013-02-22 11:15 - 00013824 ___SH () C:\Users\Owner\AppData\Thumbs.db
2015-01-14 15:47 - 2013-01-28 10:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitComet
2015-01-14 15:24 - 2012-09-01 17:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 07:24 - 2012-09-01 17:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 07:24 - 2011-12-05 05:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 15:55 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-10 04:16 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-10 00:49 - 2010-11-29 10:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2015-01-10 00:26 - 2012-01-26 05:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-10 00:25 - 2013-02-23 16:13 - 00001294 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-01-10 00:24 - 2012-01-26 05:48 - 00001368 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-01-10 00:23 - 2014-01-21 07:03 - 00002396 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-01-10 00:21 - 2012-01-26 05:41 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-10 00:12 - 2011-04-05 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2015-01-03 10:16 - 2010-02-02 17:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ashampoo
2015-01-03 10:16 - 2010-02-02 17:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\ashampoo
2015-01-03 10:03 - 2010-02-02 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-01-03 10:02 - 2010-02-02 17:44 - 00000000 ____D () C:\ProgramData\ashampoo
2015-01-03 10:02 - 2010-02-02 17:34 - 00000000 ____D () C:\Program Files\Ashampoo
2015-01-03 03:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-03 03:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2014-12-31 19:13 - 2010-02-02 10:55 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 03:47 - 2012-04-25 06:08 - 00000000 ____D () C:\Users\Owner\Downloads\You-Tube
2014-12-26 07:16 - 2014-11-20 15:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TigerPlayer
2014-12-19 13:28 - 2011-07-30 19:29 - 00000000 ____D () C:\Windows\Minidump
2014-12-19 13:27 - 2014-10-28 04:42 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-19 13:27 - 2014-10-28 04:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-15 20:49 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 00:03
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Owner at 2015-01-14 16:15:23
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Any Video Converter 5.7.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Any Video Converter Ultimate 4.6.0 (HKLM\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Ashampoo Burning Studio 14 (HKLM\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.9 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 15 v.15.0.2 (HKLM\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.2 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 8.09 (HKLM\...\Ashampoo Burning Studio 8_is1) (Version: 8.0.9 - ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 10 v.10.1.0 (HKLM\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.01.00 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 11 (HKLM\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.50 - Ashampoo GmbH & Co. KG)
BitComet 1.35 (HKLM\...\BitComet) (Version: 1.35 - CometNetwork)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4200 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (Version: 82.0.210.000 - Hewlett-Packard) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows (HKLM\...\{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}) (Version: 1.17 - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Go PDF Reader (HKLM\...\GoPDFReader) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IncrediMail (Version: 6.3.9.5274 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM\...\IncrediMail) (Version: 6.3.9.5274 - IncrediMail Ltd.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft OneDrive (HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MpcStar 5.3 (HKLM\...\MpcStar) (Version: 5.3 - www.mpcstar.com)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Online Toolkit (HKLM\...\telstra) (Version: Toolkitsetup_P11_R04 - Telstra Corporation Ltd.)
Nero 7 Essentials (HKLM\...\{27C0CED3-E9FA-4EA0-96AA-FAECE5F81033}) (Version: 7.03.0824 - Nero AG)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC DVR-4-Net (HKLM\...\{DA427272-904E-4EC2-BCC8-07B39B8EFA78}) (Version:  - )
PhotoMail Maker (Version: 6.0.0.1007 - IncrediMail) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
PS_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RoboForm 7-9-11-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - 2Wire (2WIREPCP) Net  (03/22/2007 2.0) (HKLM\...\E2D312050E630E0CB2650D738A53820EE8BB1A95) (Version: 03/22/2007 2.0 - 2Wire)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
YouTube Downloader Toolbar v4.6 (HKLM\...\{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}) (Version: 4.6 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 3.9.6 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
==================== Restore Points  =========================
10-12-2014 11:22:52 Windows Update
11-12-2014 03:00:35 Windows Update
13-12-2014 03:00:36 Windows Update
15-12-2014 13:35:03 Windows Update
15-12-2014 19:46:30 Windows Update
18-12-2014 19:01:15 Windows Update
22-12-2014 12:42:38 Windows Update
25-12-2014 13:16:14 Windows Update
28-12-2014 03:21:44 Removed PCKeeper
28-12-2014 03:23:45 Removed KromtechAccountService
29-12-2014 09:35:02 Windows Update
01-01-2015 11:47:19 Windows Update
02-01-2015 11:23:33 Windows Update
05-01-2015 14:17:12 Windows Update
09-01-2015 12:35:21 Windows Update
10-01-2015 00:12:21 Windows Live Essentials
10-01-2015 00:17:29 Installed DirectX
10-01-2015 00:18:59 Installed DirectX
10-01-2015 00:19:53 Installed DirectX
10-01-2015 00:21:09 WLSetup
12-01-2015 13:15:04 Windows Update
14-01-2015 15:51:06 zoek.exe restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 18:23 - 2006-09-19 05:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {14FF1700-BA4C-4FC0-A89D-96D97D103D00} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NNICMJNDJCMKJBJ"
Task: {1C4A8493-30A2-47E5-9BE8-C1D793217A0D} - System32\Tasks\{C7C592A1-4609-49D9-8CAB-B26A0395DBCE} => C:\Program Files\IncrediMail\Bin\IncMail.exe [2014-01-09] (IncrediMail, Ltd.)
Task: {2A6152DF-CE14-42E2-A734-ADCABE9BFF68} - \LaunchSignup No Task File <==== ATTENTION
Task: {4B39CC67-88E0-42F3-9EEB-BE01803A9BA9} - System32\Tasks\{F4C92BD5-C5A1-4437-AAC2-A55EBA33700D} => C:\Program Files\BitComet\BitComet.exe [2013-02-19] (www.BitComet.com)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5AAA5A20-7549-487C-BE96-659380BEC8CF} - System32\Tasks\{FD4F219C-6A6C-42A0-98BC-394731CBB7B2} => pcalua.exe -a "C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe"
Task: {617C2935-C625-46DD-8FE9-0B7037D31D02} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....IGJKJMIBNKJHIKJ"
Task: {662D36BA-5126-470B-93F1-C778D97D1541} - System32\Tasks\{5D97E633-0979-482E-A862-CD2D354C08F3} => C:\Program Files\PeerBlock\peerblock.exe
Task: {6BB3A965-7E8D-4394-971C-72AEBCD627F0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-04] (Siber Systems)
Task: {6F10174E-7813-4D82-8392-41E4C0F07EC9} - System32\Tasks\{8B5D59BA-6195-43B8-84B0-76396BA7F967} => pcalua.exe -a C:\Users\Owner\Downloads\Applications-programs\wlsetup-web.exe -d C:\Users\Owner\Downloads\Applications-programs
Task: {76121EEE-434C-42DF-AC87-7EB6999EFA2E} - System32\Tasks\Google Update => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {76C99D68-08EF-43FD-9F51-32E57849B17E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {7F86EC89-2379-40C3-BF09-88524471D169} - System32\Tasks\{6ABA9986-39C4-4B3E-93C5-974D78626616} => C:\Program Files\PeerBlock\peerblock.exe
Task: {8988B3B0-EF01-4FC2-8D61-C20A0C40EE29} - System32\Tasks\{EF80D55A-55E2-4909-AFCB-8CC9B9AC6FF5} => pcalua.exe -a D:\AutoRunPro.exe -d D:\
Task: {9235BC52-CEBC-45B2-89BB-39CB3BB856E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {A2A18C4E-47D9-43CF-A655-070DCED2F16C} - System32\Tasks\{BA1F71DD-E433-457D-808E-DEE68AA0A978} => C:\Program Files\PeerBlock\peerblock.exe
Task: {B1F8A19A-F92B-4DDA-BDE6-133E34D8E359} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-13] (Piriform Ltd)
Task: {B3C0CC0A-A52B-43D4-83F9-319AB1AB2F13} - System32\Tasks\{13E4E255-40ED-4E85-A5BB-3CF5AAB139D0} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {B6893B4B-20AA-4829-A509-7ADC1620747B} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {BF95D427-4AA6-4CD3-AFE4-20795D2A668A} - System32\Tasks\{91B9C5A7-30E2-4EF3-A54B-EE275C8D90F3} => C:\Program Files\BitComet\BitComet.exe [2013-02-19] (www.BitComet.com)
Task: {E1F32559-195E-42FB-86A1-B30A0B3D21E2} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E6A9CD7F-92A6-44C7-82CB-7CD808A2CB5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {F141A988-0079-4D2B-A455-03886C5FBED7} - System32\Tasks\{A5FB1139-C3BA-43CB-B27B-EF5EF604DBFA} => C:\Program Files\PeerBlock\peerblock.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-02-01 12:20 - 2007-05-14 10:54 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-04-15 04:48 - 2014-06-16 08:19 - 00223624 _____ () C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
2014-01-09 09:26 - 2014-01-09 09:26 - 00033128 _____ () C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00072104 _____ () C:\Program Files\IncrediMail\Bin\wlessfp1.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00268712 _____ () C:\Program Files\IncrediMail\Bin\ImLookExU.dll
2012-11-18 17:29 - 2012-11-18 17:29 - 00108448 _____ () C:\Program Files\IncrediMail\Bin\pmc.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00133544 _____ () C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00080296 _____ () C:\Program Files\IncrediMail\bin\ImAppRU.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:BF3D62E7
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon iP4500 series.lnk => C:\Windows\pss\Canon IJ Status Monitor Canon iP4500 series.lnk.Startup
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: InCD => C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SecurDisc => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-754179056-1382982999-2036298953-500 - Administrator - Disabled)
Guest (S-1-5-21-754179056-1382982999-2036298953-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-754179056-1382982999-2036298953-1002 - Limited - Enabled)
Owner (S-1-5-21-754179056-1382982999-2036298953-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/14/2015 04:06:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/14/2015 03:51:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl5e8e884c.
System Error:
The system cannot find the file specified.
.
Error: (01/13/2015 11:54:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (01/13/2015 11:54:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (01/13/2015 11:54:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (01/13/2015 11:54:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (01/13/2015 03:58:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2015 03:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (01/13/2015 03:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (01/13/2015 03:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
System errors:
=============
Error: (01/14/2015 04:05:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd
Error: (01/14/2015 04:04:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ashampoo Uninstaller 5 FileSystemChanges Driver service failed to start due to the following error:
%%3
Error: (01/14/2015 04:04:53 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (01/14/2015 04:04:45 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (01/14/2015 04:04:45 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (01/14/2015 04:04:40 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
Error: (01/14/2015 04:00:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Error: (01/14/2015 04:00:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Error: (01/14/2015 04:00:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Error: (01/14/2015 04:00:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Microsoft Office Sessions:
=========================
Error: (01/14/2015 04:06:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/14/2015 03:51:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl5e8e884c.
System Error:
The system cannot find the file specified.
Error: (01/13/2015 11:54:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\NBHStr.dllC:\Program Files\Nero\Nero 7\InCD\NBHStr.dll2
Error: (01/13/2015 11:54:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\InCDshx.dllC:\Program Files\Nero\Nero 7\InCD\InCDshx.dll2
Error: (01/13/2015 11:54:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\InCDUP.dllC:\Program Files\Nero\Nero 7\InCD\InCDUP.dll2
Error: (01/13/2015 11:54:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\InCDgui.dllC:\Program Files\Nero\Nero 7\InCD\InCDgui.dll2
Error: (01/13/2015 03:58:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2015 03:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\NBHStr.dllC:\Program Files\Nero\Nero 7\InCD\NBHStr.dll2
Error: (01/13/2015 03:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\InCDshx.dllC:\Program Files\Nero\Nero 7\InCD\InCDshx.dll2
Error: (01/13/2015 03:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\InCDUP.dllC:\Program Files\Nero\Nero 7\InCD\InCDUP.dll2
==================== Memory info ===========================
Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 59%
Total physical RAM: 2046.49 MB
Available physical RAM: 829.89 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 2558.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:717.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 31AF88A9)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Edited by Naathim, 14 January 2015 - 03:10 AM.
removed italics

  • 0

#4
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 

Thank you very much for your time Naat.


You're welcome :)
Try to avoid italics wherever possible, it makes reading logs more difficult.

As I said earlier, due to some of the errors visible, a clean Windows install will probably be needed.

Also, your Chrome version has been damaged. A complete reinstallation is necessary, but don't do it until I tell you.



Registry Cleaner/System Optimizer Warning

  • Ashampoo Win Optimizer
  • CCleaner

I saw this kind of software installed on your machine. I really doubt it will speed up your system; instead (without some Registry knowledge) it may do more harm than good. Please read the articles mentioned below for more information:
Microsoft support policy for the use of registry cleaning utilities
Miekiemoes (Microsoft MVP) blog

My advice is to get rid of this program. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each one of them, right-click the entry and click Uninstall.

This is optional, but please bear in mind what I just told you. This type of "tweaking" is able to render a machine unstable.



Uninstall some programs

We need to uninstall some programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • YouTube Downloader Toolbar
  • YTD Video Downloader

Pay special attention when uninstalling, some of the programs may have checkboxes that will either install others instead or ask you to leave them installed!
After completing uninstalls, please manually reboot your machine!



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    FF Plugin: @Maps4PC_0c.com/Plugin -> C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll No File
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
    FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
    FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
    FF Plugin HKU\S-1-5-21-754179056-1382982999-2036298953-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
    S3 cpuz134; \??\C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    U3 DfSdkS; No ImagePath
    R1 MpKsl46e192bc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{164A6549-EF70-4AE4-8082-A5E0057C8640}\MpKsl46e192bc.sys [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S2 UI5IFS; \??\C:\Program Files\Ashampoo\Ashampoo UnInstaller 5\IFS32.sys [X]
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    Task: {2A6152DF-CE14-42E2-A734-ADCABE9BFF68} - \LaunchSignup No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:07BF512B
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
    AlternateDataStreams: C:\ProgramData\Temp:BF3D62E7
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.


  • 0

#5
Ricky_22

    Member

  • Topic Starter
  • Member
  • 349 posts

Hi Natt, sorry, I've deleted the programs, but I can't get the scan tool to work - it just says "you obviously don't know what to do, so am closing down so you won't damage your system" .... I am totally baffled with this as I have both files in the same folder also the scan tool .... when I put anything in the search, it finds it but then just posts the results on the desktop .......... sorry I'm such a duffer

Ricky


  • 0

#6
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
No worries Ricky :)



Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).
Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!
  • 0

#7
Ricky_22

    Member

  • Topic Starter
  • Member
  • 349 posts

Thanks Naat ....

Scan results:

Zoek.exe v5.0.0.0 Updated 14-01-2015
Tool run by Owner on Wed 14/01/2015 at 19:55:00.27.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-14-080540.log 18827 bytes

==== System Restore Info ======================

14/01/2015 7:58:04 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

32 Bit HP CIO Components Installer 
Acrobat.com 
Adobe Acrobat 4.0 
Adobe AIR 
Adobe Flash Player 16 ActiveX 
Adobe Shockwave Player 11.5 
AIO_Scan 
Any Video Converter 5.7.3 
Any Video Converter Ultimate 4.6.0 
Ashampoo Burning Studio 14 
Ashampoo Burning Studio 15 v.15.0.2 
Ashampoo Burning Studio 8.09 
BitComet 1.35 
BufferChm 
C4200 
c4200_Help 
Canon Easy-WebPrint EX 
Canon IJ Scan Utility 
Canon MG2500 series MP Drivers 
Canon MG2500 series On-screen Manual 
Canon My Image Garden 
Canon My Image Garden Design Files 
Canon My Printer 
Canon Quick Menu 
CD-LabelPrint 
Copy 
CustomerResearchQFolder 
D3DX10 
Data Lifeguard Diagnostic for Windows 
Defraggler 
Destinations 
DeviceDiscovery 
DeviceManagementQFolder 
DocProc 
DocProcQFolder 
DVD Suite 
Easy Thumbnails (Remove only) 
eSupportQFolder 
Go PDF Reader 
Google Chrome 
GPBaseService2 
HP Customer Participation Program 13.0 
HP Imaging Device Functions 13.0 
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 
HP Photosmart Essential 3.5 
HP Smart Web Printing 4.51 
HP Solution Center 13.0 
HPPhotoGadget 
HPPhotoSmartDiscLabelContent1 
HPPhotosmartEssential 
HPProductAssistant 
ImgBurn 
IncrediMail 
IncrediMail 2.0 
Java Auto Updater 
Junk Mail filter update 
MarketResearch 
Microsoft .NET Framework 4.5.1 
Microsoft Application Error Reporting 
Microsoft Calculator Plus 
Microsoft OneDrive 
Microsoft Security Client 
Microsoft Security Essentials 
Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 
Movie Maker 
MpcStar 5.3 
MSVCRT 
MSVCRT110 
MSXML 4.0 SP2 (KB954430) 
MSXML 4.0 SP2 (KB973688) 
My Online Toolkit 
Nero 7 Essentials 
neroxml 
OCR Software by I.R.I.S. 13.0 
PC DVR-4-Net 
Photo Common 
Photo Gallery 
Photo Notifier and Animation Creator 
PhotoMail Maker 
PowerDVD 
PowerProducer 
PS_AIO_Software_min 
PSSWCORE 
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista 
Realtek High Definition Audio Driver 
RoboForm 7-9-11-5 (All Users) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) 
SmartWebPrinting 
SolutionCenter 
Speccy 
Status 
SumatraPDF 
Toolbox 
TrayApp 
UnloadSupport 
VideoToolkit01 
VLC media player 
WebReg 
Windows 7 Upgrade Advisor 
Windows Driver Package - 2Wire (2WIREPCP) Net  (03/22/2007 2.0) 
Windows Live Communications Platform 
Windows Live Essentials 
Windows Live Family Safety 
Windows Live ID Sign-in Assistant 
Windows Live Installer 
Windows Live Mail 
Windows Live Messenger 
Windows Live MIME IFilter 
Windows Live Photo Common 
Windows Live PIMT Platform 
Windows Live SOXE 
Windows Live SOXE Definitions 
Windows Live UX Platform 
Windows Live UX Platform Language Pack 
Windows Live Writer 
Windows Live Writer Resources 
YouTube Downloader Toolbar v4.6 

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Users\Owner\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [pcCMService] - pcCMService - c:\program files\common files\motive\pccmservice.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [AVG Security Toolbar Service] - AVG Security Toolbar Service - c:\program files\avg\avg10\toolbar\toolbarbroker.exe [x]
S3 - [BITCOMET_HELPER_SERVICE] - BitComet Disk Boost Service - c:\program files\bitcomet\tools\bitcometservice.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files\windows live\family safety\fsssvc.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NBService] - NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [InCDsrv] - InCD Helper - c:\program files\nero\nero 7\incd\incdsrv.exe
S4 - [NMIndexingService] - NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe
S4 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601)
Memory (RAM): 2047 MB
CPU Info: Intel® Core™2 Duo CPU     E8500  @ 3.16GHz
CPU Speed: 3242.7 MHz
Sound Card: Speakers (Realtek High Definiti |
Speakers (AnvSoft Virtual Sound |
Display Adapters: ATI Radeon HD 3400 Series  | ATI Radeon HD 3400 Series  | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; ViewSonic VX2240w |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Atheros AR5005GS Wireless Network Adapter | Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH20NS15
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  931.5GB
Hard Disks - Free: C:  718.4GB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 06/05/08 | GBT    - 42302e31
Time Zone: W. Australia Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. G31M-S2L
Country: Australia
Language: ENA

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 38.0.2125.111
Internet Explorer Version: 11.0.9600.17501
Google Chrome version: 38.0.2125.111
Shockwave Player version: 11.5.7r609

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Owner\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2015-01-14 05:36:07 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\System32\ntkrnlpa.exe
2015-01-14 05:36:05 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 05:35:57 E284CFD490A1F2E03A8BE0B4C09A3DEE 74240 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-14 05:35:55 FD9692A3D31E021207D3C2A9DDDC2BE3 164864 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 05:35:53 F115C5CD29E512F18BD7138A094B77E5 242688 ----a-w- C:\Windows\System32\nlasvc.dll
====== C:\Windows\system32\drivers =====
2015-01-14 05:35:46 03F899F521D2AAED1C55008F734DF252 116224 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-09 16:16:52 -------- d-----w- C:\Program Files\Microsoft OneDrive
======= C: =====
====== C:\Users\Owner\AppData\Roaming ======
2015-01-14 08:02:07 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-01-14 08:02:07 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-01-14 08:02:07 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-01-14 08:02:07 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-01-14 08:02:06 -------- d-----w- C:\Users\Owner\AppData\Local\Temp
2014-12-27 19:09:19 -------- d-----w- C:\Users\Owner\AppData\Local\Zeoinsight
2014-12-27 19:09:19 -------- d-----w- C:\Users\Owner\AppData\Local\ZBAnalyticsCore
2014-12-25 19:57:54 -------- d-----w- C:\Users\Owner\AppData\Locallow\Apple Computer
====== C:\Users\Owner ======
2015-01-14 11:33:26 AD63F7359ED74F4282D0B8ABA394224E 1115648 ----a-w- C:\Users\Owner\Desktop\FRST.exe
2015-01-13 18:28:23 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Owner\Desktop\OTL.exe
2015-01-13 17:54:04 EB37771FE67C0BE822195BB437AF20A8 401920 ----a-w- C:\Users\Owner\Desktop\MiniToolBox.exe
2015-01-11 21:50:47 5FEFF50001EF3DA1C6533657AB7DF7F1 5471529 ----a-w- C:\Users\Owner\NASASpacescapes.themepack
2015-01-11 21:39:42 D25870BBC77117B6403365327531A4E0 11278409 ----a-w- C:\Users\Owner\Reflections.themepack
2015-01-11 21:37:35 E3674A828AE7B6753841C893BA79402E 15166732 ----a-w- C:\Users\Owner\PanoramicAnimals (1).deskthemepack
2015-01-11 21:36:38 E3674A828AE7B6753841C893BA79402E 15166732 ----a-w- C:\Users\Owner\PanoramicAnimals.deskthemepack
2015-01-11 21:35:15 1E0D4085A319F5B08E9D215F3DCC3D1E 14095110 ----a-w- C:\Users\Owner\ButterfliesMayurKotlikar.themepack
2015-01-11 21:33:41 E6617841544BDEE82A29975DBDAED678 15166726 ----a-w- C:\Users\Owner\IndianWildlifeMayurKotlikar.themepack
2015-01-11 21:32:15 3AB42D1E1466EC1BC8EDADD7720ED001 12097477 ----a-w- C:\Users\Owner\AfricanWildlife.themepack
2015-01-11 21:29:37 2AF5A653F5EDACB422490FC687E745F7 5410226 ----a-w- C:\Users\Owner\EscapeHuynhNhuNguyenMinhTruc.themepack
2015-01-09 16:16:38 -------- d-----r- C:\Users\Owner\OneDrive
2014-12-20 17:07:27 19ED22A248C157CB498C8E7D9906752F 9236757 ----a-w- C:\Users\Owner\RavensAndCrows.themepack

====== C: exe-files ==
2015-01-14 11:33:26 AD63F7359ED74F4282D0B8ABA394224E 1115648 ----a-w- C:\Windows.old\Documents and Settings\Owner\Desktop\FRST.exe
2015-01-14 11:33:26 AD63F7359ED74F4282D0B8ABA394224E 1115648 ----a-w- C:\Users\Owner\Desktop\FRST.exe
2015-01-14 11:04:44 AD63F7359ED74F4282D0B8ABA394224E 1115648 ----a-w- C:\Windows.old\Documents and Settings\Owner\Desktop\New folder\FRST.exe
2015-01-14 11:04:44 AD63F7359ED74F4282D0B8ABA394224E 1115648 ----a-w- C:\Users\Owner\Desktop\New folder\FRST.exe
2015-01-14 10:27:47 AD63F7359ED74F4282D0B8ABA394224E 1115648 ----a-w- C:\Windows.old\Users\Owner\My Documents\default\FRST.exe
2015-01-14 10:27:47 AD63F7359ED74F4282D0B8ABA394224E 1115648 ----a-w- C:\Windows.old\Documents and Settings\Owner\Documents\default\FRST.exe
2015-01-14 10:27:47 AD63F7359ED74F4282D0B8ABA394224E 1115648 ----a-w- C:\Users\Owner\Documents\default\FRST.exe
2015-01-14 05:36:07 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\System32\ntkrnlpa.exe
2015-01-14 05:36:05 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 05:35:57 E284CFD490A1F2E03A8BE0B4C09A3DEE 74240 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-13 18:28:23 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Windows.old\Documents and Settings\Owner\Desktop\OTL.exe
2015-01-13 18:28:23 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Owner\Desktop\OTL.exe
2015-01-13 17:54:04 EB37771FE67C0BE822195BB437AF20A8 401920 ----a-w- C:\Windows.old\Documents and Settings\Owner\Desktop\MiniToolBox.exe
2015-01-13 17:54:04 EB37771FE67C0BE822195BB437AF20A8 401920 ----a-w- C:\Users\Owner\Desktop\MiniToolBox.exe
2015-01-09 16:16:52 B18FF6F1680E0B2E2F2A63AD2F335AA7 6081224 ----a-w- C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
2015-01-09 16:16:52 B18FF6F1680E0B2E2F2A63AD2F335AA7 6081224 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\13ba58ec1d02c2701\onedrivesetup.exe
2015-01-09 16:16:34 B18FF6F1680E0B2E2F2A63AD2F335AA7 6081224 ----a-w- C:\Windows.old\Users\Owner\Local Settings\Microsoft\SkyDrive\17.0.4035.0328\OneDriveSetup.exe
2015-01-09 16:16:34 B18FF6F1680E0B2E2F2A63AD2F335AA7 6081224 ----a-w- C:\Windows.old\Users\Owner\AppData\Local\Application Data\Microsoft\SkyDrive\17.0.4035.0328\OneDriveSetup.exe
2015-01-09 16:16:34 B18FF6F1680E0B2E2F2A63AD2F335AA7 6081224 ----a-w- C:\Windows.old\Documents and Settings\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\OneDriveSetup.exe
2015-01-09 16:16:34 B18FF6F1680E0B2E2F2A63AD2F335AA7 6081224 ----a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\OneDriveSetup.exe
2015-01-09 16:16:34 1553313A94B927B65FCD27635BF49866 257224 ----a-w- C:\Windows.old\Users\Owner\Local Settings\Microsoft\SkyDrive\SkyDrive.exe
2015-01-09 16:16:34 1553313A94B927B65FCD27635BF49866 257224 ----a-w- C:\Windows.old\Users\Owner\AppData\Local\Application Data\Microsoft\SkyDrive\SkyDrive.exe
2015-01-09 16:16:34 1553313A94B927B65FCD27635BF49866 257224 ----a-w- C:\Windows.old\Documents and Settings\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
2015-01-09 16:16:34 1553313A94B927B65FCD27635BF49866 257224 ----a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
2015-01-09 16:16:20 9E419F97E88011FB18B26FAEE9E44FD8 78536 ----a-w- C:\Windows.old\Users\Owner\Local Settings\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveConfig.exe
2015-01-09 16:16:20 9E419F97E88011FB18B26FAEE9E44FD8 78536 ----a-w- C:\Windows.old\Users\Owner\AppData\Local\Application Data\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveConfig.exe
2015-01-09 16:16:20 9E419F97E88011FB18B26FAEE9E44FD8 78536 ----a-w- C:\Windows.old\Documents and Settings\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveConfig.exe
2015-01-09 16:16:20 9E419F97E88011FB18B26FAEE9E44FD8 78536 ----a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveConfig.exe
2015-01-09 16:10:16 FD16C47494166590F41C2DB1365AD13F 1239752 ----a-w- C:\Windows.old\Documents and Settings\Owner\Downloads\Applications-programs\wlsetup-web.exe
2015-01-09 16:10:16 FD16C47494166590F41C2DB1365AD13F 1239752 ----a-w- C:\Users\Owner\Downloads\Applications-programs\wlsetup-web.exe
=== C: other files ==
2015-01-14 05:35:46 03F899F521D2AAED1C55008F734DF252 116224 ----a-w- C:\Windows\System32\drivers\mrxdav.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe"
"telstra_McciTrayApp"="C:\Program Files\telstra\Toolkit\pcTrayApp.exe                                                                                                                                                                                                                         "
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe                                                                                                                                                                                                                     "
"CanonQuickMenu"="C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
"hkey"="HKLM"
"item"="CanonMyPrinter"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD]
"command"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"
"hkey"="HKLM"
"item"="InCD"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LanguageShortcut]
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"hkey"="HKLM"
"item"="LanguageShortcut"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"hkey"="HKLM"
"item"="NeroFilterCheck"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"hkey"="HKLM"
"item"="RemoteControl"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SecurDisc]
"command"="C:\\Program Files\\Nero\\Nero 7\\InCD\\NBHGui.exe"
"hkey"="HKLM"
"item"="SecurDisc"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon iP4500 series.lnk]
"path"="C:\\Users\\Owner\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Canon IJ Status Monitor Canon iP4500 series.lnk"
"backup"="C:\\Windows\\pss\\Canon IJ Status Monitor Canon iP4500 series.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Users\\Owner\\cnmss Canon iP4500 series (Local).dll,SMStarterEntryPoint USB002;Canon iP4500 series;cnmss Canon iP4500 series (Local).dll;Canon IJ Status Monitor Canon iP4500 series.lnk"
"item"="Canon IJ Status Monitor Canon iP4500 series"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"Google Update"="\"C:\\Users\\Owner\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

==== Startup Folders ======================

2014-02-11 02:03:16 2035 ---ha-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14/01/2015 07:24 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Go to RoboForm Install page" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NNICMJNDJCMKJBJ"]
"C:\Windows\system32\tasks\Google Update" [C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\IHUninstallTrackingTASK" [CMD]
"C:\Windows\system32\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....IGJKJMIBNKJHIKJ"]
"C:\Windows\system32\tasks\Run RoboForm TaskBar Icon" [C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\Windows\system32\tasks\RunAsStdUser Task for VeohWebPlayer" [C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\{13E4E255-40ED-4E85-A5BB-3CF5AAB139D0}" [C:\Program Files\Skype\\Phone\Skype.exe]
"C:\Windows\system32\tasks\{5D97E633-0979-482E-A862-CD2D354C08F3}" [C:\Program Files\PeerBlock\peerblock.exe]
"C:\Windows\system32\tasks\{6ABA9986-39C4-4B3E-93C5-974D78626616}" [C:\Program Files\PeerBlock\peerblock.exe]
"C:\Windows\system32\tasks\{91B9C5A7-30E2-4EF3-A54B-EE275C8D90F3}" [C:\Program Files\BitComet\BitComet.exe]
"C:\Windows\system32\tasks\{A5FB1139-C3BA-43CB-B27B-EF5EF604DBFA}" [C:\Program Files\PeerBlock\peerblock.exe]
"C:\Windows\system32\tasks\{BA1F71DD-E433-457D-808E-DEE68AA0A978}" [C:\Program Files\PeerBlock\peerblock.exe]
"C:\Windows\system32\tasks\{C7C592A1-4609-49D9-8CAB-B26A0395DBCE}" [C:\Program Files\IncrediMail\Bin\IncMail.exe]
"C:\Windows\system32\tasks\{F4C92BD5-C5A1-4437-AAC2-A55EBA33700D}" [C:\Program Files\BitComet\BitComet.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11/02/2014 10:06 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11/02/2014 10:06 AM]

==== Chromium Look ======================

Google Chrome Version: 38.0.2125.111 (Possible outdated, latest Stable version: 39.0.2171.99)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edmgmpmklgfbohogafcfobonnkogchec - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx[10/10/2013 11:20 AM]
pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[04/12/2014 02:05 AM]

Google Docs - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Motive Extension - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
Hola Better Internet - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Google Wallet - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
RoboForm - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com.au/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{B157E6A5-6063-4608-85AB-AA683985F058}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...&q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...g}&sourceid=ie7"
{B157E6A5-6063-4608-85AB-AA683985F058} Google  Url="https://www.google.c...?q={searchTerms}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=196 folders=73 280372088 bytes)

==== EOF on Wed 14/01/2015 at 20:00:46.47 ======================

#8
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
I am concerned because ZOEK doesn't want to show me what I'd like to.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users: click Run after receipt of the Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press Scan button and wait.
  • The tool will produce a logfile on your desktop named FRST.txt.
Please include its content in your next reply.


Scan with Gmer

This type of scan often produces false positives. Do not at any point take any action on any suspicious entries you may see there. Instead, post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.
  • Right-click on the randomly named icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!
When the pre-scan is completed, please do the following:
  • Please check the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.
Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.

#9
Ricky_22

    Member

  • Topic Starter
  • 349 posts

Thanks :)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Owner (administrator) on OWNER-PC on 14-01-2015 20:42:02
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4915200 2008-02-13] (Realtek Semiconductor)
HKLM\...\Run: [telstra_McciTrayApp] => C:\Program Files\telstra\Toolkit\pcTrayApp.exe [1992192 2013-07-15] (Alcatel-Lucent)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-04] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: dfboottime \??\C:\Windows\System32\dfboottime.cfgautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> DefaultScope {B157E6A5-6063-4608-85AB-AA683985F058} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {B157E6A5-6063-4608-85AB-AA683985F058} URL = https://www.google.c...?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Maps4PC_0c.com/Plugin -> C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKU\S-1-5-21-754179056-1382982999-2036298953-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-11]
FF HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (Motive Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-06-26]
CHR Extension: (Hola Better Internet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR Extension: (RoboForm) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-07-24]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-10]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-07-15] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [60768 2007-03-23] (2Wire, Inc.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [26984 2012-11-05] (AVG Technologies)
S3 gdrv; C:\Windows\gdrv.sys [16608 2010-02-01] (Windows ® 2000 DDK provider)
S4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2013-07-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2013-07-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2010-02-03] (Duplex Secure Ltd.)
S3 U2800Vid; C:\Windows\System32\DRIVERS\U2800Vid.sys [347904 2009-08-19] (Compro Technology, Inc.)
S3 cpuz134; \??\C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U3 DfSdkS; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S2 UI5IFS; \??\C:\Program Files\Ashampoo\Ashampoo UnInstaller 5\IFS32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 20:42 - 2015-01-14 20:42 - 00015277 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-01-14 19:33 - 2015-01-14 19:04 - 01115648 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-01-14 19:21 - 2015-01-14 19:22 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2015-01-14 18:55 - 2015-01-14 19:18 - 00000232 _____ () C:\Users\Owner\Desktop\Search.txt
2015-01-14 18:31 - 2015-01-14 19:06 - 00030775 _____ () C:\Users\Owner\Desktop\Addition.txt
2015-01-14 17:03 - 2015-01-14 17:03 - 00001327 _____ () C:\Users\Owner\Documents\GEEKS.txt
2015-01-14 16:13 - 2015-01-14 20:42 - 00000000 ____D () C:\FRST
2015-01-14 16:04 - 2015-01-14 17:43 - 00000902 _____ () C:\Windows\PFRO.log
2015-01-14 15:50 - 2015-01-14 20:00 - 00030255 _____ () C:\zoek-results.log
2015-01-14 15:48 - 2015-01-14 16:01 - 00000000 ____D () C:\zoek_backup
2015-01-14 15:47 - 2015-01-14 19:51 - 01295360 _____ () C:\Users\Owner\Downloads\zoek.exe
2015-01-14 13:36 - 2014-12-12 13:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 13:36 - 2014-12-12 13:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 13:35 - 2014-12-19 10:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:35 - 2014-12-19 09:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:35 - 2014-12-12 01:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:35 - 2014-12-06 11:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 02:28 - 2015-01-14 02:28 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2015-01-14 01:54 - 2015-01-14 01:54 - 00401920 _____ (Farbar) C:\Users\Owner\Desktop\MiniToolBox.exe
2015-01-13 02:46 - 2015-01-14 18:07 - 00255232 _____ () C:\Windows\setupact.log
2015-01-13 02:46 - 2015-01-13 02:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 05:50 - 2015-01-12 05:50 - 05471529 _____ () C:\Users\Owner\NASASpacescapes.themepack
2015-01-12 05:39 - 2015-01-12 05:39 - 11278409 _____ () C:\Users\Owner\Reflections.themepack
2015-01-12 05:37 - 2015-01-12 05:37 - 15166732 _____ () C:\Users\Owner\PanoramicAnimals (1).deskthemepack
2015-01-12 05:36 - 2015-01-12 05:36 - 15166732 _____ () C:\Users\Owner\PanoramicAnimals.deskthemepack
2015-01-12 05:35 - 2015-01-12 05:35 - 14095110 _____ () C:\Users\Owner\ButterfliesMayurKotlikar.themepack
2015-01-12 05:33 - 2015-01-12 05:34 - 15166726 _____ () C:\Users\Owner\IndianWildlifeMayurKotlikar.themepack
2015-01-12 05:32 - 2015-01-12 05:32 - 12097477 _____ () C:\Users\Owner\AfricanWildlife.themepack
2015-01-12 05:29 - 2015-01-12 05:29 - 05410226 _____ () C:\Users\Owner\EscapeHuynhNhuNguyenMinhTruc.themepack
2015-01-10 00:26 - 2015-01-10 00:26 - 00001221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002174 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002032 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002032 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00000000 ___RD () C:\Users\Owner\OneDrive
2015-01-10 00:16 - 2015-01-10 00:16 - 00000000 ____D () C:\Program Files\Microsoft OneDrive
2015-01-03 10:03 - 2015-01-03 10:03 - 00001241 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio 15.lnk
2015-01-03 03:22 - 2015-01-03 04:11 - 1012584833 _____ () C:\Users\Owner\Downloads\Billy Elliot Live (2014) DVDRip x264-pong.mp4
2014-12-29 19:49 - 2014-12-29 19:50 - 00001340 _____ () C:\Users\Owner\Documents\cc_20141229_194957.reg
2014-12-28 03:09 - 2014-12-28 03:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Zeoinsight
2014-12-28 03:09 - 2014-12-28 03:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\ZBAnalyticsCore
2014-12-21 20:54 - 2014-12-21 20:54 - 00000013 _____ () C:\Users\Owner\Documents\Family.txt
2014-12-21 01:07 - 2014-12-21 01:07 - 09236757 _____ () C:\Users\Owner\RavensAndCrows.themepack
2014-12-18 18:42 - 2014-12-18 18:57 - 00001390 _____ () C:\Users\Owner\Documents\Idol forums post.txt
2014-12-18 14:05 - 2014-12-13 11:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 20:24 - 2012-09-01 17:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 20:11 - 2014-03-16 15:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 19:53 - 2013-01-28 10:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitComet
2015-01-14 19:39 - 2014-07-16 07:39 - 01256029 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 18:58 - 2013-11-19 09:51 - 00000000 ____D () C:\Users\Owner\Documents\default
2015-01-14 18:15 - 2011-07-16 00:44 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:15 - 2011-07-16 00:44 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:08 - 2014-03-16 15:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 18:07 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 18:05 - 2014-11-20 11:29 - 00033792 ___SH () C:\Users\Owner\AppData\Roaming\Thumbs.db
2015-01-14 18:04 - 2010-02-02 17:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ashampoo
2015-01-14 17:52 - 2010-04-20 20:16 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-14 17:26 - 2010-02-02 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-01-14 17:10 - 2013-08-16 03:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:06 - 2011-08-12 14:59 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2015-01-14 16:00 - 2011-07-16 00:48 - 00000000 ____D () C:\Users\Owner
2015-01-14 16:00 - 2010-02-03 01:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-01-14 16:00 - 2006-11-02 19:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-14 15:47 - 2013-02-22 11:15 - 00013824 ___SH () C:\Users\Owner\AppData\Thumbs.db
2015-01-14 07:24 - 2012-09-01 17:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 07:24 - 2011-12-05 05:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 15:55 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-10 04:16 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-10 00:49 - 2010-11-29 10:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2015-01-10 00:26 - 2012-01-26 05:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-10 00:25 - 2013-02-23 16:13 - 00001294 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-01-10 00:24 - 2012-01-26 05:48 - 00001368 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-01-10 00:23 - 2014-01-21 07:03 - 00002396 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-01-10 00:21 - 2012-01-26 05:41 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-10 00:12 - 2011-04-05 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2015-01-03 10:16 - 2010-02-02 17:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\ashampoo
2015-01-03 10:02 - 2010-02-02 17:44 - 00000000 ____D () C:\ProgramData\ashampoo
2015-01-03 10:02 - 2010-02-02 17:34 - 00000000 ____D () C:\Program Files\Ashampoo
2015-01-03 03:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-03 03:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2014-12-31 19:13 - 2010-02-02 10:55 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 03:47 - 2012-04-25 06:08 - 00000000 ____D () C:\Users\Owner\Downloads\You-Tube
2014-12-26 07:16 - 2014-11-20 15:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TigerPlayer
2014-12-19 13:28 - 2011-07-30 19:29 - 00000000 ____D () C:\Windows\Minidump
2014-12-15 20:49 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 00:03

==================== End Of Log ============================

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-14 21:03:20
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EADS-00M2B0 rev.01.00A01 931.51GB
Running: ykpj3cp4.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRequestWaitReplyPort + 14A5                                                   82E3EA15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                       82E78372 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                     section is writeable [0x90231000, 0x331A84, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                     fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active          
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@D0A4B9F8  1252

---- EOF - GMER 2.1 ----

I had no problems or requests (rootkit) from this scan


#10
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Please try to repeat the instructions below. The problem is that you have probably pressed the wrong button. You need to press Fix after saving the script as fixlog.txt.


Fix with Farbar Recovery Scan Tool


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


  • Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    FF Plugin: @Maps4PC_0c.com/Plugin -> C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll No File
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
    FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
    FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
    FF Plugin HKU\S-1-5-21-754179056-1382982999-2036298953-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
    S3 cpuz134; \??\C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    U3 DfSdkS; No ImagePath
    R1 MpKsl46e192bc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{164A6549-EF70-4AE4-8082-A5E0057C8640}\MpKsl46e192bc.sys [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S2 UI5IFS; \??\C:\Program Files\Ashampoo\Ashampoo UnInstaller 5\IFS32.sys [X]
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    Task: {2A6152DF-CE14-42E2-A734-ADCABE9BFF68} - \LaunchSignup No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:07BF512B
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
    AlternateDataStreams: C:\ProgramData\Temp:BF3D62E7
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

#11
Ricky_22

    Member

  • Topic Starter
  • 349 posts

Worked okay this time lol -

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2015 02
Ran by Owner at 2015-01-14 21:35:02 Run:1
Running from C:\Users\Owner\Desktop\FRST
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @Maps4PC_0c.com/Plugin -> C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll No File
FF Plugin: @tools.google.com/Google
Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKU\S-1-5-21-754179056-1382982999-2036298953-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
S3 cpuz134; \??\C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U3 DfSdkS; No ImagePath
R1 MpKsl46e192bc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{164A6549-EF70-4AE4-8082-A5E0057C8640}\MpKsl46e192bc.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5;
\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S2 UI5IFS; \??\C:\Program Files\Ashampoo\Ashampoo UnInstaller 5\IFS32.sys [X]
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-01-14 16:00 - 2014-11-11 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
Task: {2A6152DF-CE14-42E2-A734-ADCABE9BFF68} - \LaunchSignup No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams:
C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:BF3D62E7
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
"HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin" => Key deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @tools.google.com/Google => Key not found.
FF Plugin: @tools.google.com/Google not found.
Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1" => Key deleted successfully.
"HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => Key deleted successfully.
C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
cpuz134 => Service deleted successfully.
DfSdkS => Service deleted successfully.
MpKsl46e192bc => Service not found.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] => Error: No automatic fix found for this entry.
UI5IFS => Service deleted successfully.
C:\Users\Owner\AppData\Local\Comodo => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo => Moved successfully.
C:\Users\Guest\AppData\Local\Google => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo => Moved successfully.
C:\Users\Administrator\AppData\Local\Google => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A6152DF-CE14-42E2-A734-ADCABE9BFF68}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A6152DF-CE14-42E2-A734-ADCABE9BFF68}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
C:\ProgramData\Temp => ":07BF512B" ADS removed successfully.
AlternateDataStreams: => Error: No automatic fix found for this entry.
Could not move "C:\ProgramData\Temp:0B4227B4" => Scheduled to move on reboot.
C:\ProgramData\Temp => ":BF3D62E7" ADS removed successfully.
EmptyTemp: => Removed 12.7 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-14 21:39:32)<=

"C:\ProgramData\Temp:0B4227B4" => File could not move.

==== End of Fixlog 21:39:32 ====


#12
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Not everything went so smoothly.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

#13
Ricky_22

    Member

  • Topic Starter
  • 349 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Owner (administrator) on OWNER-PC on 14-01-2015 21:50:46
Running from C:\Users\Owner\Desktop\FRST 1
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4915200 2008-02-13] (Realtek Semiconductor)
HKLM\...\Run: [telstra_McciTrayApp] => C:\Program Files\telstra\Toolkit\pcTrayApp.exe [1992192 2013-07-15] (Alcatel-Lucent)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-04] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: dfboottime \??\C:\Windows\System32\dfboottime.cfgautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> DefaultScope {B157E6A5-6063-4608-85AB-AA683985F058} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {B157E6A5-6063-4608-85AB-AA683985F058} URL = https://www.google.c...?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-11]
FF HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (Motive Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-06-26]
CHR Extension: (Hola Better Internet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR Extension: (RoboForm) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-07-24]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-10]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-07-15] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [60768 2007-03-23] (2Wire, Inc.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [26984 2012-11-05] (AVG Technologies)
S3 gdrv; C:\Windows\gdrv.sys [16608 2010-02-01] (Windows ® 2000 DDK provider)
S4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2013-07-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2013-07-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2010-02-03] (Duplex Secure Ltd.)
S3 U2800Vid; C:\Windows\System32\DRIVERS\U2800Vid.sys [347904 2009-08-19] (Compro Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 21:49 - 2015-01-14 21:50 - 00000000 ____D () C:\Users\Owner\Desktop\FRST 1
2015-01-14 21:03 - 2015-01-14 21:03 - 00001330 _____ () C:\Users\Owner\Desktop\gmer.log
2015-01-14 20:43 - 2015-01-14 20:43 - 00380416 _____ () C:\Users\Owner\Desktop\ykpj3cp4.exe
2015-01-14 19:33 - 2015-01-14 19:04 - 01115648 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-01-14 19:21 - 2015-01-14 21:50 - 00000000 ____D () C:\Users\Owner\Desktop\FRST
2015-01-14 18:55 - 2015-01-14 19:18 - 00000232 _____ () C:\Users\Owner\Desktop\Search.txt
2015-01-14 18:31 - 2015-01-14 19:06 - 00030775 _____ () C:\Users\Owner\Desktop\Addition.txt
2015-01-14 17:03 - 2015-01-14 17:03 - 00001327 _____ () C:\Users\Owner\Documents\GEEKS.txt
2015-01-14 16:13 - 2015-01-14 21:50 - 00000000 ____D () C:\FRST
2015-01-14 16:04 - 2015-01-14 21:38 - 00001502 _____ () C:\Windows\PFRO.log
2015-01-14 15:50 - 2015-01-14 20:00 - 00030255 _____ () C:\zoek-results.log
2015-01-14 15:48 - 2015-01-14 16:01 - 00000000 ____D () C:\zoek_backup
2015-01-14 15:47 - 2015-01-14 19:51 - 01295360 _____ () C:\Users\Owner\Downloads\zoek.exe
2015-01-14 13:36 - 2014-12-12 13:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 13:36 - 2014-12-12 13:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 13:35 - 2014-12-19 10:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:35 - 2014-12-19 09:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:35 - 2014-12-12 01:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:35 - 2014-12-06 11:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 02:28 - 2015-01-14 02:28 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2015-01-14 01:54 - 2015-01-14 01:54 - 00401920 _____ (Farbar) C:\Users\Owner\Desktop\MiniToolBox.exe
2015-01-13 02:46 - 2015-01-14 21:38 - 00287136 _____ () C:\Windows\setupact.log
2015-01-13 02:46 - 2015-01-13 02:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 05:50 - 2015-01-12 05:50 - 05471529 _____ () C:\Users\Owner\NASASpacescapes.themepack
2015-01-12 05:39 - 2015-01-12 05:39 - 11278409 _____ () C:\Users\Owner\Reflections.themepack
2015-01-12 05:37 - 2015-01-12 05:37 - 15166732 _____ () C:\Users\Owner\PanoramicAnimals (1).deskthemepack
2015-01-12 05:36 - 2015-01-12 05:36 - 15166732 _____ () C:\Users\Owner\PanoramicAnimals.deskthemepack
2015-01-12 05:35 - 2015-01-12 05:35 - 14095110 _____ () C:\Users\Owner\ButterfliesMayurKotlikar.themepack
2015-01-12 05:33 - 2015-01-12 05:34 - 15166726 _____ () C:\Users\Owner\IndianWildlifeMayurKotlikar.themepack
2015-01-12 05:32 - 2015-01-12 05:32 - 12097477 _____ () C:\Users\Owner\AfricanWildlife.themepack
2015-01-12 05:29 - 2015-01-12 05:29 - 05410226 _____ () C:\Users\Owner\EscapeHuynhNhuNguyenMinhTruc.themepack
2015-01-10 00:26 - 2015-01-10 00:26 - 00001221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002174 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002032 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002032 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00000000 ___RD () C:\Users\Owner\OneDrive
2015-01-10 00:16 - 2015-01-10 00:16 - 00000000 ____D () C:\Program Files\Microsoft OneDrive
2015-01-03 10:03 - 2015-01-03 10:03 - 00001241 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio 15.lnk
2015-01-03 03:22 - 2015-01-03 04:11 - 1012584833 _____ () C:\Users\Owner\Downloads\Billy Elliot Live (2014) DVDRip x264-pong.mp4
2014-12-29 19:49 - 2014-12-29 19:50 - 00001340 _____ () C:\Users\Owner\Documents\cc_20141229_194957.reg
2014-12-28 03:09 - 2014-12-28 03:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Zeoinsight
2014-12-28 03:09 - 2014-12-28 03:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\ZBAnalyticsCore
2014-12-21 20:54 - 2014-12-21 20:54 - 00000013 _____ () C:\Users\Owner\Documents\Family.txt
2014-12-21 01:07 - 2014-12-21 01:07 - 09236757 _____ () C:\Users\Owner\RavensAndCrows.themepack
2014-12-18 18:42 - 2014-12-18 18:57 - 00001390 _____ () C:\Users\Owner\Documents\Idol forums post.txt
2014-12-18 14:05 - 2014-12-13 11:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 21:45 - 2011-07-16 00:44 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 21:45 - 2011-07-16 00:44 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 21:42 - 2014-07-16 07:39 - 01269549 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 21:38 - 2014-03-16 15:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 21:38 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 21:24 - 2012-09-01 17:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 21:11 - 2014-03-16 15:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 19:53 - 2013-01-28 10:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitComet
2015-01-14 18:58 - 2013-11-19 09:51 - 00000000 ____D () C:\Users\Owner\Documents\default
2015-01-14 18:05 - 2014-11-20 11:29 - 00033792 ___SH () C:\Users\Owner\AppData\Roaming\Thumbs.db
2015-01-14 18:04 - 2010-02-02 17:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ashampoo
2015-01-14 17:52 - 2010-04-20 20:16 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-14 17:26 - 2010-02-02 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-01-14 17:10 - 2013-08-16 03:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:06 - 2011-08-12 14:59 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:00 - 2011-07-16 00:48 - 00000000 ____D () C:\Users\Owner
2015-01-14 16:00 - 2010-02-03 01:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-01-14 16:00 - 2006-11-02 19:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-14 15:47 - 2013-02-22 11:15 - 00013824 ___SH () C:\Users\Owner\AppData\Thumbs.db
2015-01-14 07:24 - 2012-09-01 17:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 07:24 - 2011-12-05 05:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 15:55 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-10 04:16 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-10 00:49 - 2010-11-29 10:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2015-01-10 00:26 - 2012-01-26 05:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-10 00:25 - 2013-02-23 16:13 - 00001294 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-01-10 00:24 - 2012-01-26 05:48 - 00001368 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-01-10 00:23 - 2014-01-21 07:03 - 00002396 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-01-10 00:21 - 2012-01-26 05:41 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-10 00:12 - 2011-04-05 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2015-01-03 10:16 - 2010-02-02 17:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\ashampoo
2015-01-03 10:02 - 2010-02-02 17:44 - 00000000 ____D () C:\ProgramData\ashampoo
2015-01-03 10:02 - 2010-02-02 17:34 - 00000000 ____D () C:\Program Files\Ashampoo
2015-01-03 03:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-03 03:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2014-12-31 19:13 - 2010-02-02 10:55 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 03:47 - 2012-04-25 06:08 - 00000000 ____D () C:\Users\Owner\Downloads\You-Tube
2014-12-26 07:16 - 2014-11-20 15:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TigerPlayer
2014-12-19 13:28 - 2011-07-30 19:29 - 00000000 ____D () C:\Windows\Minidump
2014-12-15 20:49 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 00:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Owner at 2015-01-14 21:51:19
Running from C:\Users\Owner\Desktop\FRST 1
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Any Video Converter 5.7.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Any Video Converter Ultimate 4.6.0 (HKLM\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Ashampoo Burning Studio 14 (HKLM\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.9 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 15 v.15.0.2 (HKLM\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.2 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 8.09 (HKLM\...\Ashampoo Burning Studio 8_is1) (Version: 8.0.9 - ashampoo GmbH & Co. KG)
BitComet 1.35 (HKLM\...\BitComet) (Version: 1.35 - CometNetwork)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4200 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (Version: 82.0.210.000 - Hewlett-Packard) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows (HKLM\...\{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}) (Version: 1.17 - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Go PDF Reader (HKLM\...\GoPDFReader) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IncrediMail (Version: 6.3.9.5274 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM\...\IncrediMail) (Version: 6.3.9.5274 - IncrediMail Ltd.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft OneDrive (HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MpcStar 5.3 (HKLM\...\MpcStar) (Version: 5.3 - www.mpcstar.com)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Online Toolkit (HKLM\...\telstra) (Version: Toolkitsetup_P11_R04 - Telstra Corporation Ltd.)
Nero 7 Essentials (HKLM\...\{27C0CED3-E9FA-4EA0-96AA-FAECE5F81033}) (Version: 7.03.0824 - Nero AG)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC DVR-4-Net (HKLM\...\{DA427272-904E-4EC2-BCC8-07B39B8EFA78}) (Version:  - )
PhotoMail Maker (Version: 6.0.0.1007 - IncrediMail) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
PS_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RoboForm 7-9-11-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - 2Wire (2WIREPCP) Net  (03/22/2007 2.0) (HKLM\...\E2D312050E630E0CB2650D738A53820EE8BB1A95) (Version: 03/22/2007 2.0 - 2Wire)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
YouTube Downloader Toolbar v4.6 (HKLM\...\{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}) (Version: 4.6 - Spigot, Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-12-2014 03:00:36 Windows Update
15-12-2014 13:35:03 Windows Update
15-12-2014 19:46:30 Windows Update
18-12-2014 19:01:15 Windows Update
22-12-2014 12:42:38 Windows Update
25-12-2014 13:16:14 Windows Update
28-12-2014 03:21:44 Removed PCKeeper
28-12-2014 03:23:45 Removed KromtechAccountService
29-12-2014 09:35:02 Windows Update
01-01-2015 11:47:19 Windows Update
02-01-2015 11:23:33 Windows Update
05-01-2015 14:17:12 Windows Update
09-01-2015 12:35:21 Windows Update
10-01-2015 00:12:21 Windows Live Essentials
10-01-2015 00:17:29 Installed DirectX
10-01-2015 00:18:59 Installed DirectX
10-01-2015 00:19:53 Installed DirectX
10-01-2015 00:21:09 WLSetup
12-01-2015 13:15:04 Windows Update
14-01-2015 15:51:06 zoek.exe restore point
14-01-2015 17:04:21 Windows Update
14-01-2015 19:57:47 zoek.exe restore point
14-01-2015 21:35:04 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 18:23 - 2006-09-19 05:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14FF1700-BA4C-4FC0-A89D-96D97D103D00} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NNICMJNDJCMKJBJ"
Task: {1C4A8493-30A2-47E5-9BE8-C1D793217A0D} - System32\Tasks\{C7C592A1-4609-49D9-8CAB-B26A0395DBCE} => C:\Program Files\IncrediMail\Bin\IncMail.exe [2014-01-09] (IncrediMail, Ltd.)
Task: {4B39CC67-88E0-42F3-9EEB-BE01803A9BA9} - System32\Tasks\{F4C92BD5-C5A1-4437-AAC2-A55EBA33700D} => C:\Program Files\BitComet\BitComet.exe [2013-02-19] (www.BitComet.com)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5AAA5A20-7549-487C-BE96-659380BEC8CF} - System32\Tasks\{FD4F219C-6A6C-42A0-98BC-394731CBB7B2} => pcalua.exe -a "C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe"
Task: {617C2935-C625-46DD-8FE9-0B7037D31D02} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....IGJKJMIBNKJHIKJ"
Task: {662D36BA-5126-470B-93F1-C778D97D1541} - System32\Tasks\{5D97E633-0979-482E-A862-CD2D354C08F3} => C:\Program Files\PeerBlock\peerblock.exe
Task: {6BB3A965-7E8D-4394-971C-72AEBCD627F0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-04] (Siber Systems)
Task: {6F10174E-7813-4D82-8392-41E4C0F07EC9} - System32\Tasks\{8B5D59BA-6195-43B8-84B0-76396BA7F967} => pcalua.exe -a C:\Users\Owner\Downloads\Applications-programs\wlsetup-web.exe -d C:\Users\Owner\Downloads\Applications-programs
Task: {76121EEE-434C-42DF-AC87-7EB6999EFA2E} - System32\Tasks\Google Update => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {76C99D68-08EF-43FD-9F51-32E57849B17E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {7F86EC89-2379-40C3-BF09-88524471D169} - System32\Tasks\{6ABA9986-39C4-4B3E-93C5-974D78626616} => C:\Program Files\PeerBlock\peerblock.exe
Task: {8988B3B0-EF01-4FC2-8D61-C20A0C40EE29} - System32\Tasks\{EF80D55A-55E2-4909-AFCB-8CC9B9AC6FF5} => pcalua.exe -a D:\AutoRunPro.exe -d D:\
Task: {9235BC52-CEBC-45B2-89BB-39CB3BB856E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {A2A18C4E-47D9-43CF-A655-070DCED2F16C} - System32\Tasks\{BA1F71DD-E433-457D-808E-DEE68AA0A978} => C:\Program Files\PeerBlock\peerblock.exe
Task: {B3C0CC0A-A52B-43D4-83F9-319AB1AB2F13} - System32\Tasks\{13E4E255-40ED-4E85-A5BB-3CF5AAB139D0} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {B6893B4B-20AA-4829-A509-7ADC1620747B} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {BF95D427-4AA6-4CD3-AFE4-20795D2A668A} - System32\Tasks\{91B9C5A7-30E2-4EF3-A54B-EE275C8D90F3} => C:\Program Files\BitComet\BitComet.exe [2013-02-19] (www.BitComet.com)
Task: {E1F32559-195E-42FB-86A1-B30A0B3D21E2} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E6A9CD7F-92A6-44C7-82CB-7CD808A2CB5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {F141A988-0079-4D2B-A455-03886C5FBED7} - System32\Tasks\{A5FB1139-C3BA-43CB-B27B-EF5EF604DBFA} => C:\Program Files\PeerBlock\peerblock.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-02-01 12:20 - 2007-05-14 10:54 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-01-09 09:26 - 2014-01-09 09:26 - 00033128 _____ () C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00072104 _____ () C:\Program Files\IncrediMail\Bin\wlessfp1.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00268712 _____ () C:\Program Files\IncrediMail\Bin\ImLookExU.dll
2012-11-18 17:29 - 2012-11-18 17:29 - 00108448 _____ () C:\Program Files\IncrediMail\Bin\pmc.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00133544 _____ () C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00080296 _____ () C:\Program Files\IncrediMail\bin\ImAppRU.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon iP4500 series.lnk => C:\Windows\pss\Canon IJ Status Monitor Canon iP4500 series.lnk.Startup
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: InCD => C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SecurDisc => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-754179056-1382982999-2036298953-500 - Administrator - Disabled)
Guest (S-1-5-21-754179056-1382982999-2036298953-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-754179056-1382982999-2036298953-1002 - Limited - Enabled)
Owner (S-1-5-21-754179056-1382982999-2036298953-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2015 09:39:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:38:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (01/14/2015 09:38:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (01/14/2015 06:09:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 06:08:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (01/14/2015 06:08:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (01/14/2015 05:53:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 05:53:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (01/14/2015 05:53:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (01/14/2015 05:47:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

System errors:
=============
Error: (01/14/2015 09:38:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (01/14/2015 09:38:07 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/14/2015 09:37:59 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/14/2015 09:37:59 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/14/2015 09:37:55 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (01/14/2015 09:35:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/14/2015 09:35:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/14/2015 09:35:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/14/2015 09:35:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The pcCMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/14/2015 09:35:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (01/14/2015 09:39:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:38:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

Error: (01/14/2015 09:38:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

Error: (01/14/2015 06:09:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 06:08:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

Error: (01/14/2015 06:08:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

Error: (01/14/2015 05:53:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 05:53:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

Error: (01/14/2015 05:53:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

Error: (01/14/2015 05:47:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 42%
Total physical RAM: 2046.49 MB
Available physical RAM: 1184.95 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 2914.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:721.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 31AF88A9)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Thanks Naat, I'm getting a bit faster lol



#14
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Thanks Naat, I'm getting a bit faster lol


Pleased to hear that! :)



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
    Task: {5AAA5A20-7549-487C-BE96-659380BEC8CF} - System32\Tasks\{FD4F219C-6A6C-42A0-98BC-394731CBB7B2} => pcalua.exe -a "C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe"
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.


Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    YouTube Downloader Toolbar v4.6;u
    spigot;a
    {72A7495B-18CD-4751-AC38-5DBED9C6B1E7};c
    firefoxlook;
    chromelook;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!

#15
Ricky_22

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2015 02
Ran by Owner at 2015-01-14 22:12:12 Run:2
Running from C:\Users\Owner\Desktop\FRST 1
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
Task: {5AAA5A20-7549-487C-BE96-659380BEC8CF} - System32\Tasks\{FD4F219C-6A6C-42A0-98BC-394731CBB7B2} => pcalua.exe -a "C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe"
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
end
*****************

C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AAA5A20-7549-487C-BE96-659380BEC8CF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AAA5A20-7549-487C-BE96-659380BEC8CF}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FD4F219C-6A6C-42A0-98BC-394731CBB7B2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD4F219C-6A6C-42A0-98BC-394731CBB7B2}" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value deleted successfully.
"HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => Key deleted successfully.

==== End of Fixlog 22:12:12 ====





Zoek.exe v5.0.0.0 Updated 14-01-2015
Tool run by Owner on Wed 14/01/2015 at 22:17:56.29.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-14-080540.log 18827 bytes
C:\zoek-results2015-01-14-120046.log 30255 bytes

==== System Restore Info ======================

14/01/2015 10:19:57 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72A7495B-18CD-4751-AC38-5DBED9C6B1E7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Files \ Folders ======================

"C:\Windows\Installer\127b333.msi" not found

==== Registry Search Results for "spigot" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9]
"B5947A27DC811574CA83D5EB9D6C1B7E"="C?\\Program Files\\Common Files\\Spigot\\Search Settings\\SearchSettings.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B5947A27DC811574CA83D5EB9D6C1B7E\InstallProperties]
"Publisher"="Spigot, Inc."

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11/02/2014 10:06 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11/02/2014 10:06 AM]

==== Chromium Look ======================

Google Chrome Version: 38.0.2125.111 (Possible outdated, latest Stable version: 39.0.2171.99)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edmgmpmklgfbohogafcfobonnkogchec - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx[10/10/2013 11:20 AM]
pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[04/12/2014 02:05 AM]

Google Docs - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Motive Extension - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
Hola Better Internet - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Google Wallet - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
RoboForm - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B5947A27DC811574CA83D5EB9D6C1B7E deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B5947A27DC811574CA83D5EB9D6C1B7E deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=196 folders=73 280372088 bytes)

==== EOF on Wed 14/01/2015 at 22:21:37.36 ======================



Whew ... a bit easier lol





