Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I have a virus and can't run antivirus etc :( [Solved]


  • This topic is locked This topic is locked

#1
Damon(V)

Damon(V)

    Member

  • Member
  • PipPip
  • 87 posts

Hi,

 

I realised I have a virus after logging into my net banking an "authorization" page came up asking for credit card details :(

I'm on XP but in a very similar boat to martin999 here: http://www.geekstogo...moval-programs/

I have tried various things, safe mode, system restore has no points. AVG won't run, Avast won't run, Malwarebytes won't install.  I also have run scans of the HDD attached by USB to my spare PC and although both Avast and AVG found issues neither fixed the problem.

I do have p2p stuff on my pc, a lot of it is older, I'm reasonably cautious but I understand the issues and risks.

I'm hoping someone can please help?

Regards,

 

Damon

FRST Scan:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Work 2 (administrator) on COMPUTER on 14-03-2015 09:17:53
Running from C:\Documents and Settings\Work 2\Desktop
Loaded Profiles: Work 2 & User2 & Administrator (Available profiles: Work 2 & User2 & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lavasoft AB) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(O&O Software GmbH) C:\WINDOWS\system32\oodag.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\TVersity\Media Server\MediaServer.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(D-Link) C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\dwwin.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BVRPLiveUpdate] => C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRPSO~1\MOTORO~1\LIVEUP~1\LISTOF~1.DAT
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
HKLM\...\Run: [D-Link D-Link Wireless G DWA-110] => C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe [1675264 2008-04-15] (D-Link)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16855552 2007-10-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2503704 2015-03-06] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [273544 2011-07-14] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [CheckNDISPort_df] => C:\Program Files\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe [442696 2012-09-21] ()
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2122824 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\Run: [Google Update] => C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31090792 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\Run: [GoogleChromeAutoLaunch_3DFCF6B2AEB445B8DC09B36EA9332B3A] => C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {12ed4923-8c89-11e4-9a6b-001e8cd6744c} - D:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {15fe27ef-80d3-11de-9878-00240110331d} - WDSetup.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {3b2f7023-ea98-11e1-9999-001e8cd6744c} - G:\Install_Nokia_Ovi_Suite.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {4c61e554-5e6e-11e0-98ed-00240110331d} - G:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {4c61e555-5e6e-11e0-98ed-001e8cd6744c} - G:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {782b5184-51b0-11e4-9a62-001e8cd6744c} - F:\RunClubSanDisk.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {f3b1f293-1bea-11e0-98c0-001e8cd6744c} - H:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {f3b1f295-1bea-11e0-98c0-001e8cd6744c} - H:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\DOCUME~1\WORK2~1\Desktop\rkill.scr
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * OODBSlsdeleteC:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restartsdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
URLSearchHook: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll (ClientConnect Ltd.)
URLSearchHook: [S-1-5-21-1343024091-1326574676-725345543-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={3B5967ED-C431-421B-AAE6-69DBD5F74162}&mid=d8a3ba98391547d0ba12d157ca329dbf-07f81eec18de6d7910be4bfd46ba7efe7bc681f3&lang=en&ds=AVG&pr=fr&d=2012-10-29 19:45:55&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2504091
SearchScopes: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> {F02EF4DB-5280-4E91-B854-AA0795C93A5A} URL = http://au.search.yah...p={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.3.0.885\AVG Secure Search_toolbar.dll [2015-03-06] (AVG Secure Search)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
BHO: Vuze Remote Toolbar -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll [2014-09-23] (ClientConnect Ltd.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO: YTD Toolbar -> {F3FEE66E-E034-436a-86E4-9690573BEE8A} -> C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll [2012-07-26] (Spigot, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09] ()
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll [2012-07-26] (Spigot, Inc.)
Toolbar: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll [2014-09-23] (ClientConnect Ltd.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.3.0.885\AVG Secure Search_toolbar.dll [2015-03-06] (AVG Secure Search)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
Toolbar: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> Vuze Remote Toolbar - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll [2014-09-23] (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2007-08-27] (Logitech Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-06] (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default
FF DefaultSearchEngine.US: Google
FF Keyword.URL: hxxp://flybuys.search.adlux.com/search/?utm_source=adlux&utm_medium=cpc&ourmark=3&q=
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @abr.gov.au/KeyMgmtPlugin -> C:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll [2012-10-25] (Commonwealth Government of Australia)
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-06-10] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-15] (VideoLAN)
FF Plugin HKU\S-1-5-21-1343024091-1326574676-725345543-1006: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Work 2\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1343024091-1326574676-725345543-1006: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Work 2\Application Data\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1343024091-1326574676-725345543-1006: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1343024091-1326574676-725345543-1006: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Work 2\Application Data\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Work 2\Application Data\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\searchplugins\search-to-earn-points.xml [2014-07-05]
FF Extension: Ant Video Downloader - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2015-03-07]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2015-03-07]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2014-11-22]
FF Extension: NetVideoHunter - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2015-03-04]
FF Extension: Youtube Downloader - 4K Download - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2015-03-07]
FF Extension: EPUBReader - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-13]
FF Extension: FireFTP - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-16]
FF Extension: DownloadHelper - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: Vuze Remote  - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2015-01-15]
FF Extension: Add to Amazon Wish List Button - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2012-10-31]
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2014-03-06]
FF Extension: ProxMate - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2014-03-06]
FF Extension: QR Decoder - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2012-11-04]
FF Extension: Rainbow - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2012-03-18]
FF Extension: Tile Tabs - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\[email protected] [2011-08-11]
FF Extension: RSS Ticker - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}.xpi [2012-12-28]
FF Extension: Mobile Barcoder - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{A5C87640-F7CF-11DA-974D-0800200C9A66}.xpi [2012-11-04]
FF Extension: Modify Headers - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012-03-27]
FF Extension: Easy YouTube Video Downloader - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-10-30]
FF Extension: flybuys Toolbar - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{d8c4975b-9e4b-4574-b5ab-67fe58455a95}.xpi [2012-12-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.3.0.885
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.3.0.885 [2015-03-06]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.nutritionforliving.com.au/wp-login.php?redirect_to=http%3A%2F%2Fwww.nutritionforliving.com.au%2Fwp-admin%2Fplugins.php&reauth=1", "hxxp://www.veganspeaks.com.au/wp-login.php?redirect_to=http%3A%2F%2Fwww.veganspeaks.com.au%2Fwp-admin%2Fnetwork%2Fplugins.php%3Ferror%3Dtrue%26main%3Dtrue%26plugin_status%3Dall%26paged%3D1%26s%3D&reauth=1"
CHR Profile: C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Dualless) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgdpkilkheacbboffppjgceiplijhfpd [2014-05-15]
CHR Extension: (Tab Resize - split screen layouts) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2014-05-15]
CHR Extension: (Tab Scissors) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdochbecpfdpjobpgnacnbepkgcfhoek [2014-05-15]
CHR Extension: (Share link via email) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2014-05-16]
CHR Extension: (Dual View Split Screen) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmdbkgponhaodlapckmpicgahloncdog [2014-05-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Reader) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lojpenhmoajbiciapkjkiekmobleogjc [2012-08-13]
CHR Extension: (Hangouts) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-08-02]
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-10-30]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Vuze Remote) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk [2012-10-08]
CHR Extension: (Google Reader) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-08-13]
CHR Extension: (Send Link by Email or Gmail) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plcgkgghkdfgfhiidfjkhmainebgmklf [2014-05-16]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.1.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-09]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Documents and Settings\Work 2\Local Settings\Application Data\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx [2012-09-20]
CHR HKU\S-1-5-21-1343024091-1326574676-725345543-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Documents and Settings\Work 2\Local Settings\Application Data\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx [2012-09-20]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [561152 2007-06-05] (Lavasoft AB) [File not signed]
S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2007-01-19] (Wireless Service) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [741376 2006-10-30] (Microsoft Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2918008 2007-01-05] (Symantec Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2008-01-16] (Hewlett-Packard) [File not signed]
R2 O&O Defrag; C:\WINDOWS\system32\oodag.exe [1050120 2007-05-11] (O&O Software GmbH)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-01-16] (Hewlett-Packard) [File not signed]
S2 PS3 Media Server; C:\Program Files\PS3 Media Server\win32\service\wrapper.exe [366872 2011-05-17] (Tanuki Software, Ltd.)
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-05-19] ()
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [1249064 2011-07-30] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [67056 2007-03-03] (Ulead Systems, Inc.)
R2 vToolbarUpdater18.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-06] (AVG Secure Search)
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ANIO; C:\WINDOWS\system32\ANIO.SYS [28195 2007-05-12] (Alpha Networks Inc.) [File not signed]
R2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16512 2007-11-16] (Adaptec) [File not signed]
S3 AtcL001; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [35712 2006-08-22] (Attansic Technology corporation.)
R3 AtcL002; C:\WINDOWS\System32\DRIVERS\l251x86.sys [30720 2007-10-17] (Atheros Communications, Inc.)
S3 AVEO; C:\WINDOWS\System32\DRIVERS\AVEOdcnt.sys [224256 2010-01-21] (AVEO Corp) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [192792 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-11-02] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-11-02] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-11-02] (HP)
R2 LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [3712 2006-05-25] (Logitech, Inc.) [File not signed]
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-12] (CACE Technologies, Inc.)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19016 2014-01-14] ()
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [16472 2011-05-06] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [11104 2011-05-06] ()
R3 RT73; C:\WINDOWS\System32\DRIVERS\Dr71WU.sys [459520 2008-01-15] (Ralink Technology, Corp.)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [26844 2006-03-18] (PowerISO Computing, Inc.) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-18] (TeamViewer GmbH)
S3 usbsermptxp; C:\WINDOWS\System32\DRIVERS\usbsermptxp.sys [25600 2007-10-19] (Microsoft Corporation)
S3 BS2561008352; \??\C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys [X]
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-14 09:17 - 2015-03-14 09:18 - 00037680 _____ () C:\Documents and Settings\Work 2\Desktop\FRST.txt
2015-03-14 09:16 - 2015-03-14 09:16 - 01135104 _____ (Farbar) C:\Documents and Settings\Work 2\Desktop\FRST.exe
2015-03-14 09:09 - 2015-03-14 09:16 - 00015032 _____ () C:\WINDOWS\system32\DB2561008352
2015-03-14 08:58 - 2015-03-14 09:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Work 2\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-14 08:35 - 2015-03-11 07:26 - 04197016 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2015-03-14 07:36 - 2015-03-14 07:36 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031415-01.dmp
2015-03-13 07:29 - 2015-03-13 07:29 - 00000000 ____D () C:\Documents and Settings\Work 2\Desktop\FRST-OlderVersion
2015-03-11 07:26 - 2015-03-11 07:26 - 04197016 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Work 2\Desktop\tdsskiller.exe
2015-03-11 07:26 - 2015-03-11 07:26 - 00259584 _____ (OldTimer Tools) C:\Documents and Settings\Work 2\Desktop\OTH.scr
2015-03-11 07:18 - 2015-03-14 09:18 - 00000000 ____D () C:\FRST
2015-03-09 21:10 - 2015-03-09 21:10 - 00000027 _____ () C:\Documents and Settings\User2\Application Data\mbam.context.scan
2015-03-09 21:03 - 2015-03-09 21:03 - 00000000 ____D () C:\Documents and Settings\User2\Local Settings\Application Data\Sun
2015-03-09 21:03 - 2015-03-09 21:03 - 00000000 ____D () C:\Documents and Settings\User2\Application Data\Sun
2015-03-09 20:58 - 2015-03-09 20:58 - 00000000 ____D () C:\Documents and Settings\User2\Local Settings\Application Data\Avg2015
2015-03-09 20:58 - 2015-03-09 20:58 - 00000000 ____D () C:\Documents and Settings\User2\Local Settings\Application Data\AVG Secure Search
2015-03-09 20:58 - 2015-03-09 20:58 - 00000000 ____D () C:\Documents and Settings\User2\Application Data\Real
2015-03-09 20:58 - 2015-03-09 20:58 - 00000000 ____D () C:\Documents and Settings\User2\Application Data\AVG Secure Search
2015-03-09 20:57 - 2015-03-10 05:46 - 00000178 ___SH () C:\Documents and Settings\User2\ntuser.ini
2015-03-09 20:57 - 2015-03-10 05:45 - 00000000 ____D () C:\Documents and Settings\User2\Local Settings\Temp
2015-03-09 20:57 - 2015-03-09 20:57 - 00000796 _____ () C:\Documents and Settings\User2\Start Menu\Programs\Windows Media Player.lnk
2015-03-09 20:57 - 2015-03-09 20:57 - 00000771 _____ () C:\Documents and Settings\User2\Start Menu\Programs\Internet Explorer.lnk
2015-03-09 20:57 - 2015-03-09 20:57 - 00000742 _____ () C:\Documents and Settings\User2\Start Menu\Programs\Outlook Express.lnk
2015-03-09 20:57 - 2015-03-09 20:57 - 00000000 __SHD () C:\Documents and Settings\User2\IETldCache
2015-03-09 20:57 - 2015-03-09 20:57 - 00000000 ___RD () C:\Documents and Settings\User2\Start Menu\Programs\Accessories
2015-03-09 20:57 - 2015-03-09 20:57 - 00000000 ____D () C:\Documents and Settings\User2
2015-03-09 20:57 - 2012-10-13 09:59 - 00000000 ____D () C:\Documents and Settings\User2\Application Data\TuneUp Software
2015-03-09 20:57 - 2011-02-10 15:05 - 00001609 _____ () C:\Documents and Settings\User2\Start Menu\Programs\Remote Assistance.lnk
2015-03-09 20:57 - 2011-01-24 17:49 - 00000000 ____D () C:\Documents and Settings\User2\Application Data\Macromedia
2015-03-09 20:57 - 2007-09-18 11:22 - 00001688 _____ () C:\Documents and Settings\User2\Desktop\Cyberlink PowerDirector.lnk
2015-03-09 20:57 - 2007-09-18 11:22 - 00000000 ____D () C:\Documents and Settings\User2\Start Menu\Programs\Cyberlink PowerDirector
2015-03-09 20:27 - 2015-03-09 20:27 - 04579240 _____ (AVG Technologies) C:\Documents and Settings\Work 2\Desktop\avg_isct_stb_all_2015_5315_cm5.exe
2015-03-09 20:27 - 2015-03-09 20:27 - 04579240 _____ (AVG Technologies) C:\avg_isct_stb_all_2015_5315_cm5.exe
2015-03-09 18:38 - 2015-03-08 13:12 - 05475064 _____ (Avast Software s.r.o.) C:\Documents and Settings\Work 2\Desktop\avast_free_antivirus_setup_online.exe
2015-03-08 13:10 - 2015-03-08 13:12 - 05475064 _____ (Avast Software s.r.o.) C:\avast_free_antivirus_setup_online.exe
2015-03-08 12:57 - 2015-03-08 12:01 - 00451115 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150308-125715.backup
2015-03-08 12:01 - 2015-03-08 11:54 - 00451115 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150308-120131.backup
2015-03-08 11:54 - 2011-03-09 20:01 - 00001216 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150308-115437.backup
2015-03-08 11:45 - 2015-03-08 11:45 - 00000000 ____D () C:\Documents and Settings\Work 2\My Documents\ProcAlyzer Dumps
2015-03-08 11:16 - 2015-03-08 12:26 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-03-08 11:15 - 2015-03-11 07:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-08 10:42 - 2015-03-08 10:43 - 46525608 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\Work 2\Desktop\spybot-2.4.exe
2015-03-08 10:26 - 2015-03-08 10:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2015-03-08 10:25 - 2015-03-08 10:25 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2015-03-08 10:24 - 2015-03-14 08:38 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-03-08 10:24 - 2015-03-14 08:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-03-08 10:24 - 2015-03-08 10:25 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-03-08 10:24 - 2012-10-13 09:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2015-03-08 10:24 - 2011-02-10 15:05 - 00001609 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-03-08 10:24 - 2011-02-10 15:04 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-03-08 10:24 - 2011-01-24 17:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2015-03-08 10:24 - 2007-09-18 11:22 - 00001688 _____ () C:\Documents and Settings\Administrator\Desktop\Cyberlink PowerDirector.lnk
2015-03-08 10:24 - 2007-09-18 11:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Cyberlink PowerDirector
2015-03-08 10:14 - 2015-03-08 10:14 - 04800936 _____ (AVG Technologies) C:\Documents and Settings\Work 2\Desktop\avg_free_stb_all_5751p1_177.exe
2015-03-08 07:00 - 2015-03-08 07:00 - 00065536 _____ () C:\WINDOWS\Minidump\Mini030815-01.dmp
2015-03-07 21:22 - 2015-03-07 21:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2015-03-07 09:37 - 2015-03-13 03:59 - 01133868 _____ () C:\WINDOWS\system32\CFG2561008352
2015-03-01 17:46 - 2015-03-01 17:51 - 00828994 _____ () C:\Documents and Settings\Work 2\Desktop\glf.mp4
2015-02-22 12:29 - 2015-02-22 12:29 - 03037217 _____ () C:\Documents and Settings\Work 2\Desktop\Intro to veganism2 Narration.wma
2015-02-22 09:28 - 2015-02-22 09:28 - 00019456 _____ () C:\Documents and Settings\Work 2\Desktop\Intro to veganism.MSWMM
2015-02-22 09:14 - 2015-02-22 09:14 - 00001701 _____ () C:\Documents and Settings\Work 2\Desktop\v.utf
2015-02-22 08:50 - 2015-02-22 08:50 - 00003771 _____ () C:\Documents and Settings\Work 2\Desktop\Do you believe.utf.txt
2015-02-22 08:44 - 2015-02-22 09:06 - 00003771 _____ () C:\Documents and Settings\Work 2\Desktop\Do you believe.txt
2015-02-21 11:30 - 2015-02-21 11:30 - 04535732 _____ () C:\Documents and Settings\Work 2\Desktop\MyPost_Deliveries.mp4
2015-02-15 11:13 - 2015-02-15 11:13 - 00000016 ____H () C:\Documents and Settings\SyncToy_aa29d182-7c79-4e0d-ad30-a891204c8004.dat
2015-02-15 10:06 - 2015-02-15 10:06 - 00007758 _____ () C:\Documents and Settings\Work 2\Desktop\Mix 1.xspf
2015-02-14 12:59 - 2015-02-14 12:59 - 00012110 _____ () C:\Documents and Settings\Work 2\Desktop\Gwen.xspf
2015-02-12 06:43 - 2015-02-15 12:48 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{7EF6EEBD-2E61-42CD-A876-2028A185E7DF}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-14 09:18 - 2008-10-14 14:28 - 00000000 ____D () C:\Documents and Settings\Work 2\Local Settings\Temp
2015-03-14 08:45 - 2013-01-04 08:24 - 00406408 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-14 08:43 - 2010-03-01 06:36 - 00000000 ____D () C:\Documents and Settings\Work 2\Application Data\Skype
2015-03-14 08:42 - 2011-01-02 10:20 - 00000000 ____D () C:\Program Files\PeerBlock
2015-03-14 08:42 - 2009-10-27 13:28 - 00003284 _____ () C:\WINDOWS\system32\ANIWZCS{ABC6C283-2BF8-45CA-8598-F5669FA7FF12}
2015-03-14 08:41 - 2009-10-27 13:27 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{ABC6C283-2BF8-45CA-8598-F5669FA7FF12}
2015-03-14 08:41 - 2009-08-04 15:45 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME
2015-03-14 08:41 - 2007-08-08 06:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-03-14 08:40 - 2009-03-26 03:00 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job
2015-03-14 08:39 - 2013-06-01 03:12 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-14 08:39 - 2013-02-02 09:08 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-14 08:39 - 2011-08-15 15:40 - 00000000 ____D () C:\Program Files\PS3 Media Server
2015-03-14 08:39 - 2011-08-14 18:09 - 00265532 _____ () C:\WINDOWS\system32\TVersityMediaServer.log
2015-03-14 08:39 - 2011-07-14 09:46 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1326574676-725345543-1006.job
2015-03-14 08:39 - 2007-08-10 12:09 - 01159516 _____ () C:\WINDOWS\system32\oodbs.lor
2015-03-14 08:39 - 2007-08-08 06:59 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-14 08:39 - 2007-08-08 02:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-03-14 08:39 - 2007-08-08 02:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-03-14 08:29 - 2008-10-14 14:28 - 00000278 ___SH () C:\Documents and Settings\Work 2\ntuser.ini
2015-03-14 08:29 - 2007-08-08 06:59 - 00032618 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-14 08:22 - 2011-07-16 20:24 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1326574676-725345543-1006UA.job
2015-03-14 07:36 - 2009-09-15 12:51 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-14 07:36 - 2004-08-04 22:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-14 07:35 - 2011-02-11 00:38 - 2138218496 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-13 21:46 - 2010-12-06 20:55 - 00000000 ____D () C:\Documents and Settings\Work 2\Application Data\vlc
2015-03-13 21:39 - 2011-01-02 10:22 - 00000000 ____D () C:\Documents and Settings\Work 2\Application Data\uTorrent
2015-03-13 21:34 - 2012-10-13 10:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-13 21:30 - 2013-02-02 09:08 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-13 18:08 - 2012-10-23 07:56 - 00000000 ____D () C:\Documents and Settings\Work 2\Application Data\PriceGong
2015-03-13 08:40 - 2011-10-15 09:13 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-13 07:22 - 2011-07-16 20:24 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1326574676-725345543-1006Core.job
2015-03-13 05:45 - 2014-10-24 06:43 - 00000556 _____ () C:\WINDOWS\Tasks\Casper XP Scheduled Copy of Disk 1 to Disk 2.job
2015-03-12 20:14 - 2012-10-07 21:53 - 00000000 ____D () C:\Documents and Settings\Work 2\Application Data\Azureus
2015-03-12 12:46 - 2011-07-14 09:46 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1326574676-725345543-1006.job
2015-03-11 18:00 - 2011-02-10 20:12 - 00000000 ____D () C:\Documents and Settings\Work 2\My Documents\Desktop Temp
2015-03-11 07:08 - 2012-10-07 21:52 - 00000000 ____D () C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote
2015-03-11 07:05 - 2010-01-13 15:44 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-11 07:05 - 2010-01-13 15:43 - 00000000 ____D () C:\Program Files\Symantec
2015-03-11 07:05 - 2010-01-13 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2015-03-11 07:04 - 2007-08-08 11:22 - 00000000 ____D () C:\Program Files\ESET
2015-03-11 06:54 - 2012-09-21 07:54 - 00001242 _____ () C:\WINDOWS\wininit.ini
2015-03-11 06:54 - 2007-08-09 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-03-10 17:54 - 2013-06-12 19:50 - 00006174 _____ () C:\WINDOWS\setupact.log
2015-03-10 17:54 - 2013-01-11 08:11 - 00511508 _____ () C:\WINDOWS\setupapi.log
2015-03-10 12:41 - 2007-08-09 12:14 - 00000000 ____D () C:\Documents and Settings\Work 2\My Documents\Software
2015-03-10 12:31 - 2008-10-21 16:56 - 00000000 ____D () C:\Documents and Settings\Work 2\My Documents\Shaun Shared
2015-03-10 05:46 - 2014-07-23 19:51 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{02F3C557-80E4-415C-A588-B850710C9CA3}
2015-03-09 20:57 - 2013-10-16 14:48 - 00002801 _____ () C:\WINDOWS\wmsetup.log
2015-03-08 12:32 - 2015-01-24 17:40 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{E096EEF9-C664-46EA-AA51-3939B376610F}
2015-03-08 12:01 - 2007-08-08 02:25 - 00000245 ___SH () C:\boot.ini
2015-03-08 11:15 - 2007-08-09 11:10 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-03-08 07:23 - 2007-08-08 06:54 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-07 21:24 - 2014-08-09 01:11 - 00000771 _____ () C:\WINDOWS\system32\TeamViewer9_Hooks.log
2015-03-07 18:43 - 2011-10-20 18:37 - 00000000 ____D () C:\WINDOWS\system32\oodag
2015-03-07 18:39 - 2008-10-14 14:34 - 00000000 ____D () C:\Documents and Settings\Work 2\My Documents\Damon
2015-03-07 00:47 - 2012-09-25 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-03-06 17:28 - 2012-11-09 04:21 - 00000000 ____D () C:\WINDOWS\system32\cache
2015-03-06 17:28 - 2012-10-29 19:45 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2015-03-06 17:28 - 2012-10-29 19:45 - 00000000 ____D () C:\Program Files\AVG Secure Search
2015-03-01 17:52 - 2014-12-19 19:55 - 00000000 ____D () C:\Documents and Settings\Work 2\Desktop\GLF vids
2015-02-22 16:54 - 2011-03-17 21:16 - 00000000 ____D () C:\Documents and Settings\Work 2\Local Settings\Application Data\WMTools Downloaded Files
2015-02-22 16:23 - 2008-12-09 21:14 - 00066048 _____ () C:\Documents and Settings\Work 2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-21 18:16 - 2011-08-14 18:09 - 01024199 _____ () C:\WINDOWS\system32\TVersityMediaServer.log.1
2015-02-21 12:45 - 2010-03-01 06:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-02-21 12:44 - 2010-03-01 06:35 - 00000000 ___RD () C:\Program Files\Skype
2015-02-21 11:23 - 2015-01-09 08:08 - 00014251 _____ () C:\Documents and Settings\Work 2\Desktop\Change of Address Jan 2015.xlsx
2015-02-20 17:58 - 2014-06-15 08:18 - 00133632 ___SH () C:\Documents and Settings\Work 2\Desktop\Thumbs.db
2015-02-16 08:03 - 2008-10-14 14:28 - 00000000 ____D () C:\Documents and Settings\Work 2
2015-02-15 11:57 - 2015-02-11 06:43 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{2E5E5122-B8B0-41BA-84DC-5B12E3F13377}
2015-02-15 11:57 - 2011-02-15 22:43 - 01789952 _____ () C:\Documents and Settings\Work 2\Local Settings\Application Data\filesync.metadata
2015-02-15 11:12 - 2011-02-15 22:43 - 00002259 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\SyncToy 2.0.lnk
2015-02-14 10:08 - 2007-08-08 02:28 - 00605412 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2013-06-27 10:13 - 2014-06-28 08:28 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2011-03-30 20:28 - 2011-03-30 20:31 - 0000132 _____ () C:\Documents and Settings\Work 2\Application Data\Adobe BMP Format CS5 Prefs
2011-03-31 11:25 - 2014-02-26 14:35 - 0000132 _____ () C:\Documents and Settings\Work 2\Application Data\Adobe GIF Format CS5 Prefs
2011-07-12 13:40 - 2014-08-10 11:27 - 0000132 _____ () C:\Documents and Settings\Work 2\Application Data\Adobe PNG Format CS5 Prefs
2013-10-20 13:51 - 2014-03-09 11:59 - 0000096 _____ () C:\Documents and Settings\Work 2\Application Data\Camdata.ini
2013-10-20 13:51 - 2014-03-09 11:59 - 0000408 _____ () C:\Documents and Settings\Work 2\Application Data\CamLayout.ini
2013-10-20 13:51 - 2014-03-09 11:59 - 0000408 _____ () C:\Documents and Settings\Work 2\Application Data\CamShapes.ini
2013-10-20 13:51 - 2014-03-09 11:59 - 0004510 _____ () C:\Documents and Settings\Work 2\Application Data\CamStudio.cfg
2011-07-20 14:30 - 2013-11-15 11:49 - 0001456 _____ () C:\Documents and Settings\Work 2\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2008-12-09 21:14 - 2015-02-22 16:23 - 0066048 _____ () C:\Documents and Settings\Work 2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-15 22:43 - 2015-02-15 11:57 - 1789952 _____ () C:\Documents and Settings\Work 2\Local Settings\Application Data\filesync.metadata
2008-10-14 14:29 - 2008-10-14 14:29 - 0000129 _____ () C:\Documents and Settings\Work 2\Local Settings\Application Data\fusioncache.dat
 
ZeroAccess:
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@
 
ZeroAccess:
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\U\[email protected]
 
Some content of TEMP:
====================
C:\Documents and Settings\Work 2\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\Work 2\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\Work 2\Local Settings\Temp\_isB15.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Work 2 at 2015-03-14 09:19:07
Running from C:\Documents and Settings\Work 2\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Eset NOD32 antivirus system 2.51 (Enabled - Out of date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 3.2.2.28110 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 2.1.0 - Hewlett-Packard) Hidden
Ad-Aware 2007 (HKLM\...\{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}) (Version: 7.0.1.2 - Lavasoft)
Adobe Acrobat 6.0 Professional - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM\...\SendToKindle) (Version: 1.0.0.192 - Amazon)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version:  - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
Any DVD Cloner Platinum 1.2.0 (HKLM\...\Any DVD Cloner Platinum_is1) (Version:  - dvdsmith.com)
Any Video Converter Professional 5.0.8 (HKLM\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
AnyCAD Viewer 2011 (HKLM\...\{65147B19-6211-43E1-9897-EA6AC44D4E24}) (Version: 2.5.0 - AnyCAD Solution)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}) (Version: 4.0.0.96 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaConverter 2 (HKLM\...\{33295076-A0D0-49B8-9EA0-A9AB3631CDC8}) (Version:  - ArcSoft)
AsusUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Attansic Giga Ethernet Utility (HKLM\...\{1F698102-5739-441E-96F0-74F4EA540F06}) (Version: 1.0 - )
Attansic L1 Gigabit Ethernet Driver (HKLM\...\AtcL1) (Version:  - )
AUSkey software 1.4.4 (HKLM\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)
Australian City Streets Ver 3 (HKLM\...\{F23E8E20-48E0-44C4-87B0-1151FAADF7F0}) (Version: 5.0.0.3 - UBD)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.12 - Avanquest Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.3.0.885 - AVG Technologies)
Avidemux 2.5 (32-bit) (HKLM\...\Avidemux 2.5) (Version: 2.5.4.7200 - )
AxCrypt (Remove Only) (HKLM\...\AxCrypt) (Version:  - Axon Data)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 4.0.0.463 (HKLM\...\Bullzip PDF Printer_is1) (Version:  - Bullzip)
Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
calibre (HKLM\...\{8DE7A656-A244-47C6-BB05-D412820FDA3C}) (Version: 0.8.48 - Kovid Goyal)
CamStudio version 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon iP4300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300) (Version:  - )
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )
Canon MG2100 series On-screen Manual (HKLM\...\Canon MG2100 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Setup Utility 2.3 (HKLM\...\Canon Setup Utility 2.3) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version:  - )
Casper XP (HKLM\...\{243FA669-BEA1-4FD7-906F-DAF000D6B33A}) (Version: 3.0.224 - Future Systems Solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Centrebet.net (HKLM\...\Centrebet Poker.NET) (Version:  - )
CL-Eye Driver (HKLM\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Core FTP LE (HKLM\...\CoreFTP) (Version:  - )
DaeViewer (HKLM\...\DaeViewer.76CE1EF822E2E36CA97855F1F5AE3A25B8F1B9B8.1) (Version: v1 - UNKNOWN)
DaeViewer (Version: 1 - UNKNOWN) Hidden
DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.0 - DivX, Inc.)
DivX Content Uploader (HKLM\...\{D050D7362D214723AD585B541FFB6C11}) (Version: 1.2.1 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.5.1 - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.)
D-Link Wireless G DWA-110 (HKLM\...\{5F753314-628E-4C13-B8AE-BFA7FD514CBE}) (Version:  - D-Link)
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD-CLONER V5.00 Build 959 (HKLM\...\DVD-CLONER V_is1) (Version:  - )
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
e-tax 2011 (HKLM\...\{C078C299-C2C2-4110-A6EF-8D5E66C228DA}) (Version: 11.1.704 - ATO)
e-tax 2012 (HKLM\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
e-tax 2013 (HKLM\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
ffdshow [rev 3154] [2009-12-09] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FileMind QuickFix (HKLM\...\{92789900-80D0-4B61-B742-7897964A69AB}_is1) (Version: Build 4184 - Metability Software)
FileZilla Client 3.5.0 (HKLM\...\FileZilla Client) (Version: 3.5.0 - )
Final Draft 7 (HKLM\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.1.1.19 - Final Draft, Inc.)
Free CBR Reader (HKLM\...\{B9240DAE-EFA1-4A0E-824F-17B3F99194F8}) (Version: 1.0.0 - Free Picture Solutions)
Free Convert Audio to iPhone iPod Music Converter 5.8 (HKLM\...\Free Convert Audio to iPhone iPod Music Converter_is1) (Version:  - Xillvideo Software, Inc.)
Free M4a to MP3 Converter 8.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free MKV Video2Dvd 3.30 (HKLM\...\Free MKV Video2Dvd 3.30_is1) (Version:  - EffectMatrix, Inc.)
Freecorder 5 (HKLM\...\Freecorder5.11) (Version: 5.11 - Applian Technologies Inc.)
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Chrome (HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript Lite 8.70 (HKLM\...\GPL Ghostscript Lite_is1) (Version:  - )
HL-2130 (HKLM\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HyperSnap 6 (HKLM\...\HyperSnap 6) (Version: 5 - Hyperionics Technology LLC)
ImageMixer for HDD Camcorder (HKLM\...\{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}) (Version: 3.01.001 - PIXELA)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
InterVideo DeviceService (HKLM\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
IRAS (HKLM\...\Remote Administration System_is1) (Version:  - )
iTunes (HKLM\...\{29ED20C9-5E15-4969-9279-25BF3727A3DA}) (Version: 10.5.0.142 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java™ 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Juice 2.2 (HKLM\...\Juice) (Version: 2.2 - Juice Team)
KhalSetup (Version: 3.0.101 - Logitech) Hidden
K-Lite Codec Pack 4.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.0.0 - )
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 2.4.2.2295 - Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.41 - Symantec Corporation)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.3.2.5 - Logitech)
Logitech SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 3.0 - Logitech)
Macromedia Dreamweaver 8 (HKLM\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Fireworks 8 (HKLM\...\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}) (Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (HKLM\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Flash Player 8 (HKLM\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Magic ISO Maker v5.4 (build 0239) (HKLM\...\Magic ISO Maker v5.4 (build 0239)) (Version:  - )
Mavis Beacon Teaches Typing Platinum 20 (HKLM\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Hotfix (KB928366) (HKLM\...\M928366) (Version:  - )
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.0 (HKLM\...\Microsoft .NET Framework 3.0) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x86) (HKLM\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 (x86) (HKLM\...\{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 6.0 (HKLM\...\{067B277E-F94B-4F04-B380-BA967C00377C}_is1) (Version:  - MiniTool Solution Ltd.)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Motorola Driver Installation (HKLM\...\{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}) (Version: 2.7.2 - Motorola Inc.)
Motorola Phone Tools (HKLM\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 4.3.5a 10-03-2006 - Avanquest Software)
Motorola Phone Tools (Version: 4.30 - BVRP Software) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
MYOB Accounting Plus v16 (HKLM\...\InstallShield_{F7655F04-CD42-439C-A47C-2673F0867B0A}) (Version: 16 - MYOB Technology Pty Ltd)
MYOB Accounting Plus v16 (Version: 16 - MYOB Technology Pty Ltd) Hidden
MYOB Accounting Plus v17 (HKLM\...\InstallShield_{89D94B11-4C0A-44E4-A8FA-A6F5BD107043}) (Version: 17.0.0 - MYOB Technology Pty Ltd)
MYOB Accounting Plus v17 (Version: 17.0.0 - MYOB Technology Pty Ltd) Hidden
MYOB Accounting Plus v18.5 (HKLM\...\InstallShield_{60D06F5E-876E-4D0C-B6EE-C1820D61A5B2}) (Version: 18.5.0 - MYOB Technology Pty Ltd)
MYOB Accounting Plus v18.5 (Version: 18.5.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v7 (HKLM\...\InstallShield_{C71F2873-3229-4A9E-A2A2-F14DCBF63F56}) (Version: 7.0.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v7 (Version: 7.0.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v9 AUS (HKLM\...\InstallShield_{92FF8F7F-F7AF-4643-AD5E-550E7E243C34}) (Version: 9.0.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v9 AUS (Version: 9.0.0 - MYOB Technology Pty Ltd) Hidden
Nero 8 (HKLM\...\{5FCCD531-1B38-4A94-924C-127F722F1033}) (Version: 8.2.89 - Nero AG)
NirSoft VideoCacheView (HKLM\...\NirSoft VideoCacheView) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
O&O Defrag Professional Edition (HKLM\...\{53480330-E1D1-41CA-B8F8-7F78644F7F50}) (Version: 10.0.1634 - O&O Software GmbH)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PhotoNow! 1.0 (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version:  - )
PIXresizer 1.0.9 (HKLM\...\PIXresizer_is1) (Version:  - Bluefive software)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.00.0000 - CyberLink Corp.)
PowerDirector (Version: 6.00.0000 - CyberLink Corp.) Hidden
PowerISO (HKLM\...\PowerISO) (Version:  - )
PS3 Media Server (HKLM\...\PS3 Media Server) (Version: 1.54.0 - PS3 Media Server)
Qtrax 0.2beta (20080125) (HKLM\...\Qtrax 20080125) (Version:  - )
QuarkXPress 7.2 (HKLM\...\{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}) (Version: 7.20.0000 - Quark Inc.)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5506 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
RIA-Media Viewer (HKLM\...\{275BBB82-18B7-4201-83C4-59ECF0C4C48F}) (Version: 1.4.3 - RIA-Media) <==== ATTENTION
RMVB Converter 1.8 (HKLM\...\{C3BDF1C8-66EF-4A0F-B427-A99E39706F45}_is1) (Version:  - RMVB Codec)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80805 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (Version: 3.0.0.80805 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SketchUp 8 (HKLM\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype Call Recorder (HKLM\...\{31FDDB24-D8FE-456A-8479-5E0526D5EAAF}) (Version: 0.7.2 - Alexander Nikiforov)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.3.0 - SmartSound Software Inc) Hidden
Sony Vegas Movie Studio Platinum 8.0 (HKLM\...\{987B8E44-5E06-48A5-9745-46EB2B8A3CB0}) (Version: 8.0.122 - Sony)
SPCA1528 PC Driver (HKLM\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.2.0 - sunplus)
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
SyncToy 2.0 (x86) (HKLM\...\{AFDFC350-C142-4790-BE12-8357AECD028F}) (Version: 2.0.100.0 - Microsoft)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
Telstra Online Text Buddy 1.0 (HKLM\...\{DC970EE0-4C92-4CDE-A323-0E2F1552C35E}) (Version: 1.0 - Telstra)
Telstra USB+Wi-Fi Hostless Modem (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Toolbox (Version: 61.0.163.000 - Hewlett-Packard) Hidden
TubeHunter Ultra (HKLM\...\{366FCBA4-3AB9-4EF1-938E-E7054BEA2E22}) (Version: 1.7.2155 - Neoretix Laboratory)
TVersity Codec Pack 1.7 (HKLM\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server 1.9.7 (HKLM\...\TVersity Media Server) (Version: 1.9.7 - TVersity)
Ulead DVD DiskRecorder 2.1.1 (HKLM\...\{31E1050B-F69F-4A16-8F5A-E44D31901250}) (Version:  - Ulead Systems, Inc.)
Ulead DVD MovieFactory 6 (HKLM\...\InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}) (Version: 6.0.0 - InterVideo Digital Technology Corporation)
Ulead DVD MovieFactory 6 (Version: 6.0.0 - InterVideo Digital Technology Corporation) Hidden
Ulead MediaStudio Pro 8.0 (HKLM\...\{A6E71574-2126-4E95-816E-32B2411C94BA}) (Version: 8.0 - Ulead Systems, Inc.)
Ulead VideoStudio 11 (HKLM\...\InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}) (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation)
Unload (Version: 6.0.0 - Hewlett-Packard) Hidden
USB2.0 PC Camera (HKLM\...\{417D86A0-89FE-4308-B172-45B74DCE6F8F}) (Version: 1.0.0.7 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VideoStudio (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation) Hidden
Virgin Mobile (HKLM\...\Virgin Mobile) (Version: 13.001.08.00.261 - Huawei Technologies Co.,Ltd)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.2.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar (HKLM\...\Vuze_Remote Toolbar) (Version: 6.9.0.16 - Vuze Remote) <==== ATTENTION
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0) (HKLM\...\6194C28A8F62DD817EA1B918E6E46E806A21B452) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows Driver Package - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0) (HKLM\...\65B6FE5418CE28F4D72543FB2D964C3CEC83F161) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0036.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
YTD Toolbar v6.2 (HKLM\...\{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}) (Version: 6.2 - Spigot, Inc.) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Work 2\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.89\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Conduit\Community Alerts\Alert.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Work 2\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1343024091-1326574676-725345543-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll N (the data entry has 6 more characters).
 
==================== Restore Points  =========================
 
09-03-2015 21:36:23 System Checkpoint
10-03-2015 21:56:40 System Checkpoint
11-03-2015 07:05:07 Removed Symantec pcAnywhere.
12-03-2015 07:51:27 System Checkpoint
13-03-2015 08:35:19 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 22:00 - 2015-03-08 12:57 - 00451115 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{D5BE814F-CAC9-4701-ACAB-0D9DCE3CA0F0}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Casper XP Scheduled Copy of Disk 1 to Disk 2.job => C:\Program Files\Future Systems Solutions\Casper XP\CasperXP.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1326574676-725345543-1006Core.job => C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1326574676-725345543-1006UA.job => C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1326574676-725345543-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1326574676-725345543-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-12-16 12:01 - 2005-03-28 19:13 - 00077824 _____ () C:\WINDOWS\system32\csdlocalmon.dll
2007-06-05 17:17 - 2007-06-05 17:17 - 00520192 _____ () C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-07-27 22:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2007-07-27 22:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2007-07-27 22:00 - 2008-04-14 05:42 - 00386048 _____ () C:\WINDOWS\system32\qdvd.dll
2007-07-27 22:00 - 2008-04-14 05:42 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll
2007-07-27 22:00 - 2008-04-14 05:42 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2007-09-18 11:23 - 2007-05-19 13:49 - 00272024 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2011-07-30 05:31 - 2011-07-30 05:31 - 01249064 _____ () C:\Program Files\TVersity\Media Server\MediaServer.exe
2011-07-14 04:36 - 2011-07-14 04:36 - 00347944 _____ () C:\Program Files\TVersity\Media Server\taglib.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00225064 _____ () C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00031528 _____ () C:\Program Files\TVersity\Media Server\CORE_RL_xlib_.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00716584 _____ () C:\Program Files\TVersity\Media Server\log4cxx.dll
2011-07-14 04:35 - 2011-07-14 04:35 - 04534072 _____ () C:\Program Files\TVersity\Media Server\avcodec-52.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00083768 _____ () C:\Program Files\TVersity\Media Server\avutil-50.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00313640 _____ () C:\Program Files\TVersity\Media Server\libmp3lame-0.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00795448 _____ () C:\Program Files\TVersity\Media Server\avformat-52.dll
2011-07-14 04:35 - 2011-07-14 04:35 - 00203064 _____ () C:\Program Files\TVersity\Media Server\swscale-0.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00509720 _____ () C:\Program Files\TVersity\Media Server\sqlite3.dll
2007-07-27 22:00 - 2008-04-14 05:42 - 01288192 _____ () C:\WINDOWS\system32\QUARTZ.dll
2011-05-23 03:21 - 2011-05-23 03:21 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2007-08-08 11:21 - 2006-12-03 14:53 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll
2015-03-06 17:28 - 2015-03-06 17:28 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2015-03-06 17:28 - 2015-03-06 17:28 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2009-10-27 13:27 - 2007-12-11 15:36 - 00245760 _____ () C:\WINDOWS\system32\WlanApp.dll
2012-10-29 19:45 - 2015-03-06 17:28 - 02503704 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2015-01-25 10:35 - 2012-09-21 00:16 - 00442696 _____ () C:\Program Files\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe
2006-10-26 21:30 - 2006-10-26 21:30 - 00065312 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2006-10-27 15:35 - 2006-10-27 15:35 - 00436512 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-03-13 11:24 - 2015-03-07 16:13 - 09279304 _____ () C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.89\pdf.dll
2014-04-26 08:25 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-26 08:25 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-03-13 11:24 - 2015-03-07 16:13 - 14974280 _____ () C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B946D9EE
AlternateDataStreams: C:\Documents and Settings\Work 2\Desktop\tdsskiller.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Work 2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-1343024091-1326574676-725345543-1008\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-1343024091-1326574676-725345543-500\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk => C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk => C:\WINDOWS\pss\ImageMixer for HDD Camcorder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Work 2^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: dskl => C:\DS\dskl.exe
MSCONFIG\startupreg: Easy-PrintToolBox => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Hardware Abstraction Layer => "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: nod32kui => "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
MSCONFIG\startupreg: OnlineTextBuddy => "C:\Program Files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe" /quiet
MSCONFIG\startupreg: OODefragTray => C:\WINDOWS\system32\oodtray.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: UpdateReminder => C:\Program Files\Eset\UpdateReminder.exe
MSCONFIG\startupreg: UVS11 Preload => C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1343024091-1326574676-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1343024091-1326574676-725345543-1005 - Limited - Enabled)
Guest (S-1-5-21-1343024091-1326574676-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1343024091-1326574676-725345543-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1343024091-1326574676-725345543-1002 - Limited - Disabled)
User2 (S-1-5-21-1343024091-1326574676-725345543-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User2
Work 2 (S-1-5-21-1343024091-1326574676-725345543-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Work 2
 
==================== Faulty Device Manager Devices =============
 
Name: Logitech PS/2 Keyboard
Description: Logitech PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/14/2015 08:43:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.89, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (03/14/2015 08:42:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.89, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (03/14/2015 08:38:09 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.
 
Error: (03/14/2015 08:38:09 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.
 
Error: (03/14/2015 08:38:03 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.
 
Error: (03/14/2015 08:38:03 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.
 
Error: (03/14/2015 08:37:58 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.
 
Error: (03/14/2015 08:37:58 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved
 
Error: (03/14/2015 08:35:48 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.
 
Error: (03/14/2015 08:35:48 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.
 
 
System errors:
=============
Error: (03/14/2015 08:41:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.
 
Error: (03/14/2015 08:39:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error: 
%%2
 
Error: (03/14/2015 08:39:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error: 
%%1053
 
Error: (03/14/2015 08:39:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the AVG WatchDog service to connect.
 
Error: (03/14/2015 08:39:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVGIDSAgent service failed to start due to the following error: 
%%1053
 
Error: (03/14/2015 08:39:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
 
Error: (03/14/2015 08:39:46 AM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80004002'. In Windows Media Player, turn off media sharing, and then turn it back on.
 
Error: (03/14/2015 08:38:24 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (03/14/2015 08:33:48 AM) (Source: DCOM) (EventID: 10005) (User: COMPUTER)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (03/14/2015 08:32:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
Avgdiskx
AVGIDSDriverl
AVGIDSShim
Avgldx86
Avgtdix
Fips
i8042prt
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SCDEmu
StarOpen
Tcpip
WS2IFSL
 
 
Microsoft Office Sessions:
=========================
Error: (12/15/2014 05:45:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 805 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (09/22/2014 06:46:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2679 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (08/11/2014 07:34:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3750 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (01/31/2014 03:20:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6344 seconds with 1560 seconds of active time.  This session ended with a crash.
 
Error: (10/30/2013 07:36:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1401 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error: (10/03/2013 08:42:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 711 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (09/11/2013 02:18:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/22/2013 03:20:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18698 seconds with 2400 seconds of active time.  This session ended with a crash.
 
Error: (06/19/2013 09:13:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19942 seconds with 2100 seconds of active time.  This session ended with a crash.
 
Error: (05/21/2013 10:04:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1611 seconds with 780 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 90%
Total physical RAM: 2039.07 MB
Available physical RAM: 194.04 MB
Total Pagefile: 4970.38 MB
Available Pagefile: 2963.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.76 MB
 
==================== Drives ================================
 
Drive c: (Main) (Fixed) (Total:931.51 GB) (Free:2.99 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C8188012)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Hello Damon,

Welcome to Geekstogo.

Firstly

Please uninstall the following adware programs:

Bundled software uninstaller
RIA-Media Viewer
Vuze Remote Toolbar
YTD Toolbar v6.2

Step 2

FRST reports two Anti-virus programs running on your machine.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You may end up with little or no protection.

Please uninstall either of:

AVG AntiVirus Free Edition
Or
Eset NOD32 antivirus system 2.51

As Eset is out of date you should either update it or uninstall that one.

Next

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {12ed4923-8c89-11e4-9a6b-001e8cd6744c} - D:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {15fe27ef-80d3-11de-9878-00240110331d} - WDSetup.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {3b2f7023-ea98-11e1-9999-001e8cd6744c} - G:\Install_Nokia_Ovi_Suite.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {4c61e554-5e6e-11e0-98ed-00240110331d} - G:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {4c61e555-5e6e-11e0-98ed-001e8cd6744c} - G:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {782b5184-51b0-11e4-9a62-001e8cd6744c} - F:\RunClubSanDisk.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {f3b1f293-1bea-11e0-98c0-001e8cd6744c} - H:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {f3b1f295-1bea-11e0-98c0-001e8cd6744c} - H:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\DOCUME~1\WORK2~1\Desktop\rkill.scr
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
URLSearchHook: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll (ClientConnect Ltd.)
URLSearchHook: [S-1-5-21-1343024091-1326574676-725345543-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2504091
SearchScopes: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> {F02EF4DB-5280-4E91-B854-AA0795C93A5A} URL = http://au.search.yah...p={searchTerms}
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll [2012-07-26] (Spigot, Inc.)
Toolbar: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll [2014-09-23] (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> Vuze Remote Toolbar - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll [2014-09-23] (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Extension: Vuze Remote  - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2015-01-15]
F Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (Vuze Remote) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk [2012-10-08]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.1.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - No Path Or update_url value
S3 BS2561008352; \??\C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys [X]
C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys
ZeroAccess:
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@
ZeroAccess:
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\U\[email protected]
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{D5BE814F-CAC9-4701-ACAB-0D9DCE3CA0F0}.exe <==== ATTENTION
C:\WINDOWS\TEMP\{D5BE814F-CAC9-4701-ACAB-0D9DCE3CA0F0}.exe
CMD: ipconfig /flushdns
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

TDSSKiller-main.jpg


  • Then click on Change parameters in TDSSKiller.
  • Another window will appear.
  • Check all boxes then click OK.
  • Click the Start Scan button.

tdss_3.jpg


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

tdss_4.jpg


  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
tdss_5.jpg
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

So when you return please post

  • Fixlog.txt
  • TDSSKiller log.txt

 


  • 1

#3
Damon(V)

Damon(V)

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

Hi emeraldnzl,

 

Thank you for your help, much appreciated.

I'm not sure if FRST completed properly as an error box came up but I have the log.

TDSSKiller did not run, nothing happened when I clicked run.


 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Work 2 at 2015-03-14 18:04:18 Run:1
Running from C:\Documents and Settings\Work 2\Desktop
Loaded Profiles: Work 2 (Available profiles: Work 2 & User2 & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {12ed4923-8c89-11e4-9a6b-001e8cd6744c} - D:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {15fe27ef-80d3-11de-9878-00240110331d} - WDSetup.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {3b2f7023-ea98-11e1-9999-001e8cd6744c} - G:\Install_Nokia_Ovi_Suite.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {4c61e554-5e6e-11e0-98ed-00240110331d} - G:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {4c61e555-5e6e-11e0-98ed-001e8cd6744c} - G:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {782b5184-51b0-11e4-9a62-001e8cd6744c} - F:\RunClubSanDisk.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {f3b1f293-1bea-11e0-98c0-001e8cd6744c} - H:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...\MountPoints2: {f3b1f295-1bea-11e0-98c0-001e8cd6744c} - H:\AutoRun.exe
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\DOCUME~1\WORK2~1\Desktop\rkill.scr
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
URLSearchHook: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll (ClientConnect Ltd.)
URLSearchHook: [S-1-5-21-1343024091-1326574676-725345543-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2504091
SearchScopes: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> {F02EF4DB-5280-4E91-B854-AA0795C93A5A} URL = http://au.search.yah...p={searchTerms}
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll [2012-07-26] (Spigot, Inc.)
Toolbar: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll [2014-09-23] (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> Vuze Remote Toolbar - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Documents and Settings\Work 2\Local Settings\Application Data\Vuze_Remote\prxtbVuz2.dll [2014-09-23] (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-1343024091-1326574676-725345543-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Extension: Vuze Remote  - C:\Documents and Settings\Work 2\Application Data\Mozilla\Firefox\Profiles\9fauh4ap.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2015-01-15]
F Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (Vuze Remote) - C:\Documents and Settings\Work 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk [2012-10-08]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.1.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - No Path Or update_url value
S3 BS2561008352; \??\C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys [X]
C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys
ZeroAccess:
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@
ZeroAccess:
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\U\[email protected]
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{D5BE814F-CAC9-4701-ACAB-0D9DCE3CA0F0}.exe <==== ATTENTION
C:\WINDOWS\TEMP\{D5BE814F-CAC9-4701-ACAB-0D9DCE3CA0F0}.exe
CMD: ipconfig /flushdns
EmptyTemp:
*****************
 
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
"HKU\S-1-5-21-1343024091-1326574676-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12ed4923-8c89-11e4-9a6b-001e8cd6744c}" => Key deleted successfully.
HKCR\CLSID\{12ed4923-8c89-11e4-9a6b-001e8cd6744c} => Key not found. 
"HKU\S-1-5-21-1343024091-1326574676-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15fe27ef-80d3-11de-9878-00240110331d}" => Key deleted successfully.
HKCR\CLSID\{15fe27ef-80d3-11de-9878-00240110331d} => Key not found. 
"HKU\S-1-5-21-1343024091-1326574676-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b2f7023-ea98-11e1-9999-001e8cd6744c}" => Key deleted successfully.
HKCR\CLSID\{3b2f7023-ea98-11e1-9999-001e8cd6744c} => Key not found. 
"HKU\S-1-5-21-1343024091-1326574676-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c61e554-5e6e-11e0-98ed-00240110331d}" => Key deleted successfully.
HKCR\CLSID\{4c61e554-5e6e-11e0-98ed-00240110331d} => Key not found. 
"HKU\S-1-5-21-1343024091-1326574676-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c61e555-5e6e-11e0-98ed-001e8cd6744c}" => Key deleted successfully.
HKCR\CLSID\{4c61e555-5e6e-11e0-98ed-001e8cd6744c} => Key not found. 
"HKU\S-1-5-21-1343024091-1326574676-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{782b5184-51b0-11e4-9a62-001e8cd6744c}" => Key deleted successfully.
HKCR\CLSID\{782b5184-51b0-11e4-9a62-001e8cd6744c} => Key not found. 
"HKU\S-1-5-21-1343024091-1326574676-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b1f293-1bea-11e0-98c0-001e8cd6744c}" => Key deleted successfully.
HKCR\CLSID\{f3b1f293-1bea-11e0-98c0-001e8cd6744c} => Key not found. 
"HKU\S-1-5-21-1343024091-1326574676-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b1f295-1bea-11e0-98c0-001e8cd6744c}" => Key deleted successfully.
HKCR\CLSID\{f3b1f295-1bea-11e0-98c0-001e8cd6744c} => Key not found. 
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\Control Panel\Desktop\\SCRNSAVE.EXE => Value was restored successfully.
"HKU\S-1-5-21-1343024091-1326574676-725345543-1006\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Value not found.
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Value not found.

  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Yes it's a nasty infection and that fix was only partially successful.

Leave the TDSSKiller one for now. :)

Let's try FRST again

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
S3 BS2561008352; \??\C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys [X]
unlock:C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys
C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys
ZeroAccess:
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@
ZeroAccess:
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\U\[email protected]
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 


  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Further to my last post.

 

Getting late here and I am signing off now.

 

I will catch you tomorrow morning my time. :)


  • 0

#6
Damon(V)

Damon(V)

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

Thank you! Here's the log.

Cheers,

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Work 2 at 2015-03-14 19:21:09 Run:2
Running from C:\Documents and Settings\Work 2\Desktop
Loaded Profiles: Work 2 (Available profiles: Work 2 & User2 & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
S3 BS2561008352; \??\C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys [X]
unlock:C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys
C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys
ZeroAccess:
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@
ZeroAccess:
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\U\[email protected]
EmptyTemp:
*****************
 
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-1343024091-1326574676-725345543-1006\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found. 
BS2561008352 => Service deleted successfully.
"C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys" => Not found.
"C:\DOCUME~1\WORK2~1\LOCALS~1\Temp\NTFS.sys" => File/Directory not found.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb} => Moved successfully.
"C:\Windows\Installer\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@" => File/Directory not found.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb} => Moved successfully.
"C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\@" => File/Directory not found.
"C:\Documents and Settings\Work 2\Local Settings\Application Data\{0a52bac8-e97c-961b-ec61-eb84061522eb}\U\[email protected]" => File/Directory not found.
EmptyTemp: => Removed 1.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:23:20 ====

  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Okay let's try TDSSKiller again. :)


  • 0

#8
Damon(V)

Damon(V)

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

TDSSKiller still won't run :(


  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Let's try this then:
 
Please download Rkill by Grinler and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • When the scan is finished Notepad will open with rKill log. Please copy and past that in your reply.
  • Note: rKill.txt log can also be found on your desktop.
     
     
    Do not reboot the computer, or use it for any other action until we have analyzed the log and decided on what route to take. :)

  • 0

#10
Damon(V)

Damon(V)

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

None of the first 3 RKill's worked, the 4th one came up with a 404 error.


  • 0

Advertisements


#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Okay, before we move onto some other options try running TDSSKiller from Safe Mode.

 

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the option, to run Windows in Safe Mode.

 

 

PS On another note, I should tell you that Cyclone Pam is heading our way and should beginning hitting us in a few hours. If I can't get back to you, you will know why lol.
 

 


  • 0

#12
Damon(V)

Damon(V)

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

No go in safe mode either.


Yes my mother and grandmother are over there, I hope everyone get's through it ok, good luck with it.


  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

 

Yes my mother and grandmother are over there, I hope everyone get's through it ok, good luck with it.

 

Usually they dissipate by the time they reach us in the North of NZ. This one though is supposedly stronger than most.

 

With luck it won't be too bad. What generally happens is some power lines somewhere get blown down or damaged and we lose power... no electricity, no internet lol.

 

Turning to your machines problem.

 

We still have some options.

 

One that can often get around blocking by Malware is this one. Before we go to other options or to our fall back position of the Recovery Environment let's try it.

 

Edit: Try it first in Normal mode. If that doesn't work then try Safe Mode.

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
 

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


  • 0

#14
Damon(V)

Damon(V)

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

ComboFix came up saying that both AVG and Nod32 were active. I can't find either of them anywhere on my pc. Combo fix ran regardless (I couldn't stop it :) ).

 

ComboFix 15-03-14.03 - Work 2 15/03/2015   8:24.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1183 [GMT 10:00]
Running from: c:\documents and settings\Work 2\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Eset NOD32 antivirus system 2.51 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Work 2\My Documents\~WRL1248.tmp
c:\documents and settings\Work 2\My Documents\~WRL1872.tmp
c:\documents and settings\Work 2\My Documents\~WRL1918.tmp
c:\documents and settings\Work 2\My Documents\~WRL2091.tmp
c:\documents and settings\Work 2\My Documents\~WRL2846.tmp
c:\documents and settings\Work 2\My Documents\~WRL3007.tmp
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\kb893803v2_wxp.cat
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00003
c:\windows\$msi31uninstall_kb893803v2$\reg00004
c:\windows\$msi31uninstall_kb893803v2$\reg00005
c:\windows\$msi31uninstall_kb893803v2$\reg00006
c:\windows\$msi31uninstall_kb893803v2$\reg00007
c:\windows\$msi31uninstall_kb893803v2$\reg00008
c:\windows\$msi31uninstall_kb893803v2$\reg00009
c:\windows\$msi31uninstall_kb893803v2$\reg00010
c:\windows\$msi31uninstall_kb893803v2$\reg00011
c:\windows\$msi31uninstall_kb893803v2$\reg00012
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\msdownld.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\1eff8bf870c77bd3.fb
c:\windows\system32\Cache\238e7a238af7c070.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2a3281d874510baf.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\389c5cfa17d71ffa.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3da1a0ac5e14ac06.fb
c:\windows\system32\Cache\5593449403e48f17.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7583d379a532d554.fb
c:\windows\system32\Cache\8184c0bca0c4d25f.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\984e0ab75273d58e.fb
c:\windows\system32\Cache\999cb508fc951a8c.fb
c:\windows\system32\Cache\a602c1afc6359728.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\accca040b468a3a8.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c12f859fe2ddbe98.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c64e66b6bdef1a69.fb
c:\windows\system32\Cache\d0531774287766cd.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\ea143b7a6844283d.fb
c:\windows\system32\Cache\ef6befe565901ea5.fb
c:\windows\system32\Cache\f2bf864c1aa8c376.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\f99a871c0a031fc2.fb
c:\windows\system32\SET102.tmp
c:\windows\system32\SET107.tmp
c:\windows\system32\SET154.tmp
c:\windows\UA000080.DLL
.
.

  • 0

#15
Damon(V)

Damon(V)

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
(((((((((((((((((((((((((   Files Created from 2015-02-14 to 2015-03-14  )))))))))))))))))))))))))))))))
.
.
2015-03-14 04:00 . 2015-03-14 05:55 -------- d-----w- C:\AdwCleaner
2015-03-10 21:18 . 2015-03-14 09:25 -------- d-----w- C:\FRST
2015-03-09 10:57 . 2015-03-09 10:57 -------- d-----w- c:\documents and settings\User2
2015-03-09 10:27 . 2015-03-09 10:27 4579240 ----a-w- C:\avg_isct_stb_all_2015_5315_cm5.exe
2015-03-08 03:10 . 2015-03-08 03:12 5475064 ----a-w- C:\avast_free_antivirus_setup_online.exe
2015-03-08 01:15 . 2015-03-14 07:56 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2015-03-08 00:24 . 2015-03-08 00:25 -------- d-----w- c:\documents and settings\Administrator
2015-03-06 23:36 . 2015-03-06 23:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2015-03-06 23:34 . 2015-03-06 23:34 -------- d-----w- c:\program files\Common Files\Microsoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-06 20:34 . 2012-04-02 07:41 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-06 20:34 . 2011-06-12 04:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-06 20:34 . 2015-02-06 20:34 5059760 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\Work 2\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2014-01-14 2122824]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-01-23 31090792]
"GoogleChromeAutoLaunch_3DFCF6B2AEB445B8DC09B36EA9332B3A"="c:\documents and settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2015-03-07 809288]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-02-19 5503768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2008-04-15 1675264]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-13 273544]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-12-17 3667472]
"CheckNDISPort_df"="c:\program files\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe" [2012-09-20 442696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=c:\windows\pss\ImageMixer for HDD Camcorder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Work 2^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Work 2\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 02:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 02:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 17:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 18:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 02:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-26 21:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-06-10 03:42 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-14 17:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 07:06 1612920 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2006-10-17 01:20 398944 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-10-22 06:05 107912 ----atw- c:\documents and settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 14:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 11:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 06:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 08:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2006-05-09 23:48 94208 ----a-w- c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 19:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 04:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 04:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnlineTextBuddy]
2005-04-07 04:13 839680 ----a-w- c:\program files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-10 16:08 2512392 ----a-w- c:\windows\system32\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 08:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-10-11 03:04 1826816 ----a-r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-01 23:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 03:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-07-13 23:45 273544 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
2007-03-03 04:12 341488 ----a-w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Work 2\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Work 2\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\SkypeCallRecorder\\SkypeCallRecorder.exe"=
"c:\\Documents and Settings\\Work 2\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/17/2012 6:58 PM 154904]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 230680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8/10/2012 4:52 AM 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [9/25/2013 8:57 PM 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [6/17/2014 4:17 PM 192792]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [8/10/2012 4:52 AM 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/12/2012 11:47 AM 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/12/2012 11:47 AM 200984]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/20/2007 12:14 PM 3712]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/12/2011 7:23 AM 35088]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [3/7/2015 9:21 PM 5249808]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [1/2/2011 10:20 AM 19016]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/11/2010 7:17 PM 25088]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [12/18/2014 9:54 AM 3432976]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [12/18/2014 9:45 AM 298080]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]
S2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [5/17/2011 5:25 PM 366872]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/2/2015 7:45 PM 315488]
S2 vToolbarUpdater18.3.0;vToolbarUpdater18.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [?]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [8/8/2007 7:09 AM 35712]
S3 AVEO;USB2.0 PC Camera;c:\windows\system32\drivers\AVEOdcnt.sys [1/26/2011 2:48 PM 224256]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [7/30/2013 4:27 PM 245760]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [1/12/2011 5:20 PM 113280]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [1/23/2014 5:12 PM 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [1/23/2014 5:12 PM 8576]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/16/2011 11:09 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/16/2011 11:09 AM 11104]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:34]
.
2015-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 02:34]
.
2015-03-14 c:\windows\Tasks\Casper XP Scheduled Copy of Disk 1 to Disk 2.job
- c:\program files\Future Systems Solutions\Casper XP\CasperXP.EXE [2007-08-08 04:34]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 23:08]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 23:08]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1326574676-725345543-1006Core.job
- c:\documents and settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-16 06:05]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1326574676-725345543-1006UA.job
- c:\documents and settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-16 06:05]
.
2015-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1326574676-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 00:47]
.
2015-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1326574676-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 00:47]
.
2015-03-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
MSConfigStartUp-dskl - c:\ds\dskl.exe
MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe
MSConfigStartUp-UpdateReminder - c:\program files\Eset\UpdateReminder.exe
AddRemove-Freecorder5.11 - c:\program files\Freecorder\uninstall.exe
AddRemove-Microsoft .NET Framework 2.0 - c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-15 08:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC90C}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC90D}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC90E}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC90F}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC912}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC913}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC914}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC915}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC916}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC918}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC919}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC91B}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC91C}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC91D}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC91E}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC91F}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC920}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC921}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC922}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC923}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC924}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC925}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC926}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC927}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC928}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC929}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC92A}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC92B}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC92C}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC92D}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC92E}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC92F}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC930}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC931}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC932}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC933}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC934}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC935}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC936}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC937}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC938}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC939}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC93A}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC93B}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC93D}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC93E}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC93F}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC940}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC941}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Formats\{6FDDC324-4E03-4BFE-B185-3D77768DC942}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\InProcServer32]
@DACL=(02 0000)
@="wmphoto.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}\Patterns]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A2735BEC-46BC-4082-99B9-F459F2E783FF}]
@DACL=(02 0000)
@="Nero MP3 Encoder"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a2822eff-6489-4459-861b-8806ac465a01}]
@DACL=(02 0000)
@="NMHDSPluginDevicesMyComputer Class"
"AppID"="{F7CA8AF7-6AD6-410B-B770-0E6223E9DDEF}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a2b9f980-e9b1-473a-af7e-0a864b060710}]
@DACL=(02 0000)
@="NMDSUriAccessProviderGetObjectThumbnail Class"
"AppID"="{5B6B7FA0-1598-46B0-A586-96DA77C19844}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A2C59623-BA04-42DF-AB69-3853430C7DD4}]
@DACL=(02 0000)
@="VST EIO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A354BD60-4C0A-11d3-B561-00A0C92E6848}]
@DACL=(02 0000)
@="DataObject Class"
"AppID"="{3D62E9A1-D243-11D2-B561-00A0C92E6848}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A38B883C-1682-497E-97B0-0A3A9E801682}]
@DACL=(02 0000)
"ManualSafeSave"="1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}]
@DACL=(02 0000)
@="Internet Options"
"InfoTip"="@c:\\WINDOWS\\system32\\inetcpl.cpl,-4313"
"LocalizedString"="@c:\\WINDOWS\\system32\\inetcpl.cpl,-4312"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A42D5816-2C1B-4C00-BB0A-B4A0E9E322B6}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A438687F-0BA2-4B04-9760-CB2FDB19E32E}]
@DACL=(02 0000)
@="NCTeletextPidInfo Class"
"AppID"="{A3DABA07-89B0-4C1C-90E3-B70F956FD8FA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4741943-6C4B-4cf7-BF44-A0F4207D1330}]
@DACL=(02 0000)
@="IE Property Set Storage In Memory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A524E396-3310-400c-A346-8B835B6E44E2}]
@DACL=(02 0000)
@="NOSMarketingRegistration Class"
"AppID"="{FCCD4F86-3FED-4968-BC86-2159D3E1018D}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A55803CC-4D53-404c-8557-FD63DBA95D24}]
@DACL=(02 0000)
@="WPDShextAutoplay"
"AppID"="{A55803CC-4D53-404c-8557-FD63DBA95D24}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A55974C4-FBA1-4BD0-A93E-9EA842DAB865}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A60E4D06-B66D-4AB3-9F06-380239F09F43}]
@DACL=(02 0000)
@="AudioEffectLibrary.DistortionPage"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6247D2A-C8F9-423B-A3D9-88D3BE59D6B5}]
@DACL=(02 0000)
@="Nero Video Controls Property Page"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a65786fa-926f-4ef3-9aa6-0aa28074f26d}]
@DACL=(02 0000)
@="NMBAppGlobals Class"
"AppID"="{3D261FC4-4BE7-41A7-BA15-DB9FC39E3792}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A67E7FC3-833A-4D1F-B959-5D17C8098779}]
@DACL=(02 0000)
@="ILXShareLog Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}]
@DACL=(02 0000)
@="Browser Thread State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a709a741-be5b-4770-b56f-e0fa82a20a3f}]
@DACL=(02 0000)
@="NMHDSPluginMovies Class"
"AppID"="{F7CA8AF7-6AD6-410B-B770-0E6223E9DDEF}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A76E25F7-3D1C-42E7-B6FA-0DD11C884740}]
@DACL=(02 0000)
@="General"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a861a366-0c7a-484b-9116-f366bf0fa23f}]
@DACL=(02 0000)
@="BurnProgressWindow Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8792A31-F385-493C-A893-40F64EB45F6E}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a8a7eb46-fa1c-449a-9bb0-d6bdcddab9cb}]
@DACL=(02 0000)
@="NMSearc0DataFeedFactory Class"
"AppID"="{5B6B7FA0-1598-46B0-A586-96DA77C19844}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8F6550E-EEF4-4A19-B1F4-052404F217AC}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A92C2CFB-37ED-425D-9179-472A0D85E551}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a9a286c2-3cf5-4b20-95df-3099f642863c}]
@DACL=(02 0000)
@="SurroundLED Class"
"AppID"="{6C9A9A5F-CF69-4D76-8DDC-55C552340928}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a9b0528c-e8f1-4bb1-926d-a2bf7d87c411}]
@DACL=(02 0000)
@="NMBAppGlobalSettingsParentalControl Class"
"AppID"="{3D261FC4-4BE7-41A7-BA15-DB9FC39E3792}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A9C2CEBF-36DC-40A3-92E6-ED59FDD9D20D}]
@DACL=(02 0000)
@="SONY Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a9e32835-244e-4159-8bc6-c7f7e2759d28}]
@DACL=(02 0000)
@="NMCFPropertyValueCompoundValidator Class"
"AppID"="{44B7557A-465A-41DB-B2DD-6CD1BB58C800}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A9F5348E-6581-4D82-A23B-86C649544BF0}]
@DACL=(02 0000)
@="ArcSoft AAC Setting"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}]
@DACL=(02 0000)
@="Toolbar Extension for Bands"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA274BF6-E29B-4BD0-881F-217333F0215F}]
@DACL=(02 0000)
@="CAudioClipServer Object"
"AppID"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA2E3476-56ED-473C-85A2-27C1B04D724D}]
@DACL=(02 0000)
@="Nero Audible Decoder"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA49CC5B-F871-4E04-AA59-72120508145B}]
@DACL=(02 0000)
@="AudioEffectLibrary.DistortionPlugIn"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA4B69AD-D5E4-4BDD-8795-DA7EB3CFCE82}]
@DACL=(02 0000)
@="Additive Blend"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA5A7816-727A-471A-88EC-8D41B74199D2}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA7E2086-CB55-11D2-8094-00104B1F9838}]
@DACL=(02 0000)
@="InstallShield setup object wrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA7E2087-CB55-11D2-8094-00104B1F9838}]
@DACL=(02 0000)
@="InstallShield setup object wrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA7E3C50-864C-4604-BC04-8B0B76E637F6}]
@DACL=(02 0000)
"SpecVersion"="1.0.0.0"
"Version"="1.0.0.0"
"Vendor"="{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
"MetadataFormat"="{326556A2-F502-4354-9CC0-8E3F48EAF6B5}"
"RequiresFullStream"=dword:00000000
"SupportsPadding"=dword:00000000
"Author"="Microsoft"
"FriendlyName"="App13 Reader"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA8A3797-9E53-4C06-9891-875430FD3219}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}]
@DACL=(02 0000)
"Version"="1.0.0.0"
"SpecVersion"="1.0.0.0"
"Vendor"="{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
"MetadataFormat"="{7B08A675-91AA-481B-A798-4DA94908613B}"
"RequiresFullStream"=dword:00000000
"SupportsPadding"=dword:00000000
"Author"="Microsoft"
"FriendlyName"="XMP Alt Reader"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}]
@DACL=(02 0000)
@="IE RSS FeedFolder Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AADE03FE-7BB6-4312-981D-E9F6DAAA3D75}]
@DACL=(02 0000)
@="ULXDiscScriptWriter Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAF4F5A6-00ED-4766-B0D0-0F12451D944C}]
@DACL=(02 0000)
@="AudioEffectLibrary.PitchBenderPlugIn"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ab1858a0-2591-44c6-b978-7617773ab464}]
@DACL=(02 0000)
@="NMBCFactory Class"
"AppID"="{3E0C78AE-A3A5-49A6-8D3F-63AD6C80EBA0}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB31E903-FFE4-4091-ABE6-E69CA1D629EE}]
@DACL=(02 0000)
@="MeltDown"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB9DB457-1171-4D1F-99C1-63F6811ED440}]
@DACL=(02 0000)
@="Audio Mixer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ABA1523B-38A2-40AE-B3EC-C467FE1608E1}]
@DACL=(02 0000)
@="Supertwirl"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC092426-DA6F-4A3D-A440-6E770ABBB000}]
@DACL=(02 0000)
@="NCSystemConfiguration Class"
"AppID"="{A3DABA07-89B0-4C1C-90E3-B70F956FD8FA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC1682C6-78B4-4C0A-9D8C-D131F3068D2A}]
@DACL=(02 0000)
@="AudioEffectLibrary.StereoProcessorPlugIn"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}]
@DACL=(02 0000)
"Author"="Microsoft"
"ColorManagementVersion"="1.0.0.0"
"ContainerFormat"="{57A37CAA-367A-4540-916B-F183C5093A4B}"
"FileExtensions"=".wdp"
"FriendlyName"="WMPhoto Encoder"
"MimeTypes"="image/vnd.ms-photo"
"SpecVersion"="1.0.0.0"
"SupportAnimation"=dword:00000000
"SupportChromakey"=dword:00000000
"SupportLossless"=dword:00000001
"SupportMultiframe"=dword:00000001
"Vendor"="{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
"Version"="1.0.0.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC8BF71E-E41F-4FE7-B58C-E4AC3555C0BF}]
@DACL=(02 0000)
@="DirectBurnSource Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}]
@DACL=(02 0000)
@="Shell Name Space ListView"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD47916A-A2EB-48F7-9ACA-221790DA98CC}]
@DACL=(02 0000)
@="BackWeb Client Files Access"
"AppID"="{AD47916A-A2EB-48F7-9ACA-221790DA98CC}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{adc8513c-d58e-4d29-a6ab-7d5ea44562c4}]
@DACL=(02 0000)
@="UpConversionTransform Class"
"AppID"="{015A4199-B904-4E9B-B7FD-8870A290569E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{addea488-e976-492e-a67e-7354821794d2}]
@DACL=(02 0000)
@="NMDSOpenAsDirectoryHandlerZip Class"
"AppID"="{5B6B7FA0-1598-46B0-A586-96DA77C19844}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{adfab5ce-4211-44b5-b96e-1c6d98dca47f}]
@DACL=(02 0000)
@="NMDSDirAccProviderGetObjectMetaData Class"
"AppID"="{5B6B7FA0-1598-46B0-A586-96DA77C19844}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AE9D09AC-6BDA-424F-837E-C2DA8B3FE49B}]
@DACL=(02 0000)
@="NeSoundSwitch About"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AEC62F69-4A9A-4FFC-8528-7B57E3DFB1A0}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AED51F91-EBE9-4344-84A6-D116C4EC40D8}]
@DACL=(02 0000)
@="ULXDVDAudioCompiler Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AEF4E74F-7767-4FED-B4A8-2F9A0A713D26}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AF0996A6-75B5-457D-B417-49B5FBF97E73}]
@DACL=(02 0000)
@="InstallShield InstallDriver String Table"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AF24EC63-B3F1-41FE-8A22-84DAB1A2E3FF}]
@DACL=(02 0000)
@="Horizontal Fade"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AF56508B-F0FF-49D7-A94C-33C0D13CD25E}]
@DACL=(02 0000)
@="Nero Scout Language"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AF68A860-C2F9-4E8C-8312-4A85B09DCBDD}]
@DACL=(02 0000)
@="Zooming Text"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{af6fcf1c-07a3-44bf-9b4b-641a73efc7ba}]
@DACL=(02 0000)
@="NMBAppGlobalEventManager Class"
"AppID"="{3D261FC4-4BE7-41A7-BA15-DB9FC39E3792}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AF822D48-6DA7-4688-85F9-9BD73EDE0CFC}]
@DACL=(02 0000)
@="Vertical Blur"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AFA59C71-0C58-462B-A906-005CD8CAB090}]
@DACL=(02 0000)
@="AudioEffectLibrary.NoiseReductionPlugIn"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AFAB506E-0531-4B35-B24C-ABD2D8B725A1}]
@DACL=(02 0000)
@="VideoCrossfade"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AFD62485-400B-42BC-9672-568012C88ACB}]
@DACL=(02 0000)
@="Rotate"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B06E521D-B3C9-4FD1-9018-B24D60589F34}]
@DACL=(02 0000)
@="NeroCoverEdFilter Class"
"AppID"="{7975C0BF-88A1-44AD-A292-4C20D698550C}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B0A800B3-AE28-4251-820A-54C47EA8533C}]
@DACL=(02 0000)
@="ULXDiscScriptWriter_XML Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B0A9727A-0896-4985-AE46-0F4891FC027F}]
@DACL=(02 0000)
@="Fuzzy Smooth"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b110f611-91fd-4e5a-8ea0-31f12fbc2254}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B11212BD-A797-4459-B8A7-5C9E7F49E1D0}]
@DACL=(02 0000)
@="IE OLE Document Property Handler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B14D4AA1-A59B-4FEC-B6DE-15CD9FF6C801}]
@DACL=(02 0000)
@="ULXISO9660Parser Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b1568afb-068a-4992-8968-b3b941561faf}]
@DACL=(02 0000)
@="NMUI Streaming Drawing Engine Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B1D31C8E-FAC0-4E08-B350-279BFAF3F0CB}]
@DACL=(02 0000)
@="AudioEffectLibrary.ModulationPage"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B1EBFC28-C9BD-47A2-8D33-B948769777A7}]
@DACL=(02 0000)
"Version"="1.0.0.0"
"SpecVersion"="1.0.0.0"
"Vendor"="{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
"MetadataFormat"="{537396C6-2D8A-4BB6-9BF8-2F0A8E2A3ADF}"
"RequiresFullStream"=dword:00000001
"SupportsPadding"=dword:00000001
"Author"="Microsoft"
"FriendlyName"="Ifd Writer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B21A20C8-B807-4795-996A-EB86DC7F56CF}]
@DACL=(02 0000)
@="ULXBDParser Class"
"AppID"="{8E781F9A-A63D-4F08-8A41-0E0C5C0B00BA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B232B7E5-94A4-44E3-8759-CD4490619FAB}]
@DACL=(02 0000)
@="ILXShareLog Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2BF1F99-6825-4D09-BE10-AB205E299B2E}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}]
@DACL=(02 0000)
@="IE Microsoft Multiple AutoComplete List Container"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B32BC53D-0CD9-4D68-8BD8-C4D4050C6654}]
@DACL=(02 0000)
@="Typewriter Text"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B32F4002-BB27-45FF-AF4F-06631C1E8DAD}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B34093CE-D636-437D-BC03-B53ECA20DDF5}]
@DACL=(02 0000)
@="NMCdRipDiscAccessFactory Class"
"AppID"="{95B8D609-BC19-4221-A047-F94757910455}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b35354ff-7e4a-46a4-bf69-4d92c3d7787b}]
@DACL=(02 0000)
@="NMUIResourceLoaderHarddisk Class"
"AppID"="{3A5C0833-DCDC-4475-A9C0-FA742C18D9D5}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B415BA29-CDC8-4202-89F8-A9046145DC70}]
@DACL=(02 0000)
@="Config Class"
"AppID"="{E3E65E5B-5E91-49DE-9A79-770889AEECA2}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]
@DACL=(02 0000)
@="WinRAR"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B4282392-EB00-4326-92E3-8CC0A02B9C8D}]
@DACL=(02 0000)
@="udfVolumeInfo Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B4346D2E-E989-49B1-B3AB-4506028194C6}]
@DACL=(02 0000)
@="DiscSource Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B43E6609-D589-4F81-A300-9EC6A272039C}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B4DE1A0A-7110-4D8F-9ECC-587B047AE6F0}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b512f94e-18af-4a79-b775-8945fcf1fedb}]
@DACL=(02 0000)
@="NMBAppPluginMediaBrowserVideo Class"
"AppID"="{4E505BB4-9521-4DDE-8F82-336604ADF01B}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B54E85D9-FE23-499F-8B88-6ACEA713752B}]
@DACL=(02 0000)
"ContainerFormat"="{163BCC30-E2E9-4F0B-961D-A3E9FDB788A3}"
"Vendor"="{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
"Version"="1.0.0.0"
"SpecVersion"="1.0.0.0"
"ColorManagementVersion"="1.0.0.0"
"MimeTypes"="image/tiff,image/tif"
"FileExtensions"=".tiff,.tif"
"SupportAnimation"=dword:00000000
"SupportChromakey"=dword:00000001
"SupportLossless"=dword:00000001
"SupportMultiframe"=dword:00000001
"Author"="Microsoft"
"FriendlyName"="TIFF Decoder"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B5926F16-C9F1-4821-915D-064C1BC3F558}]
@DACL=(02 0000)
@="LBD_MANGR Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b59512ac-8211-4472-a55b-f4e462ab6722}]
@DACL=(02 0000)
@="Slider Class"
"AppID"="{6C9A9A5F-CF69-4D76-8DDC-55C552340928}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B5B38D71-EE16-4F1F-BCDB-B5229AA34755}]
@DACL=(02 0000)
@="NCAudioPidInfo Class"
"AppID"="{A3DABA07-89B0-4C1C-90E3-B70F956FD8FA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B5C8B898-0074-459F-B700-860D4651EA14}]
@DACL=(02 0000)
"Version"="1.0.0.0"
"SpecVersion"="1.0.0.0"
"Vendor"="{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
"MetadataFormat"="{ED686F8E-681F-4C8B-BD41-A8ADDBF6B3FC}"
"RequiresFullStream"=dword:00000001
"SupportsPadding"=dword:00000001
"Author"="Microsoft"
"FriendlyName"="Interop Reader"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B5EBAFB9-253E-4A72-A744-0762D2685683}]
@DACL=(02 0000)
"Version"="1.0.0.0"
"SpecVersion"="1.0.0.0"
"Vendor"="{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
"MetadataFormat"="{568D8936-C0A9-4923-905D-DF2B38238FBC}"
"FixedSize"=dword:00000001
"SupportsPadding"=dword:00000000
"RequiresFullStream"=dword:00000000
"Author"="Microsoft"
"FriendlyName"="Chunk tEXt Writer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B6327404-9294-4C38-AD35-E074641CE7E6}]
@DACL=(02 0000)
@="NOSMyNeroRegistration Class"
"AppID"="{2A385E8B-5598-4227-A850-5FDD9697E2BA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}]
@DACL=(02 0000)
@="Tab Property Page Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}]
@DACL=(02 0000)
@="WMEncoderAgent Class"
"AppID"="{75EF9314-0B57-4A58-A255-4DD5F41520D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B6AF959B-17D1-449A-AA86-447F7AE3E2EC}]
@DACL=(02 0000)
@="Grayscale"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B6C70017-D66B-435A-B534-56971D9DC17B}]
@DACL=(02 0000)
@="Light edges"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b6cd4a6f-7555-4e3a-b7ed-e50a9b4c14ab}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b6e03708-c84b-452f-ab80-07d1218641a0}]
@DACL=(02 0000)
@="NMBActionPluginPlayXRTVideo Class"
"AppID"="{4E505BB4-9521-4DDE-8F82-336604ADF01B}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B6E1ED43-EF40-469f-9273-076A1B33A5F8}]
@DACL=(02 0000)
@="NOSWeb Class"
"AppID"="{D32D6B65-38E6-4756-81ED-68AC9994D7B1}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b6e385e4-89fb-4274-992d-a8edddd05030}]
@DACL=(02 0000)
@="NMBAppPluginMediaBrowserHandle Class"
"AppID"="{4E505BB4-9521-4DDE-8F82-336604ADF01B}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B70B4695-CC3C-4B76-B20C-AB991E00B771}]
@DACL=(02 0000)
@="NCLnb Class"
"AppID"="{A3DABA07-89B0-4C1C-90E3-B70F956FD8FA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B71FB6D6-F646-48E9-87EC-1CB81066B359}]
@DACL=(02 0000)
@="AudioEffectLibrary.EqualizerPage"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B7509D6F-85EE-11d0-AF7D-00C04FD8DC02}]
@DACL=(02 0000)
@="PDF File Persistent Handler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B8887594-5107-460E-9336-15DB7B340524}]
@DACL=(02 0000)
@="ILdvdSubPicStreamEffect Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B94384BE-1434-42C8-A7C5-7DADD5CF4D2E}]
@DACL=(02 0000)
@="Sparkle"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B97537A4-8308-484C-AAE0-823C6BE17840}]
@DACL=(02 0000)
@="3D - Horizontal Spinning Strokes"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B992D196-B642-4B27-86CA-B87EE66FDF96}]
@DACL=(02 0000)
@="Burn In"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B9B9F083-2B04-452A-8691-83694AC1037B}]
@DACL=(02 0000)
@="LogiExt Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B9E594F3-1362-43D3-9328-9014F52DF7E4}]
@DACL=(02 0000)
@="AudioEffectLibrary.DeesserPlugIn"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b9f8ac3e-0f71-11d2-b72c-00c04fb6bd3d}]
@DACL=(02 0000)
@="%PlugIn_IBasicAudio%"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ba012a6a-e58d-48aa-8c6e-6338561e1539}]
@DACL=(02 0000)
@="InvokeTest Class"
"AppID"="{5B6B7FA0-1598-46B0-A586-96DA77C19844}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BA11F969-397A-4146-AC96-236C3D76711D}]
@DACL=(02 0000)
@="DivX Subtitle Decoder"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ba1709eb-6de5-48ff-8443-1b51629cf8aa}]
@DACL=(02 0000)
@="NMBAppGlobalSettingsTV_Card Class"
"AppID"="{3D261FC4-4BE7-41A7-BA15-DB9FC39E3792}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ba4d8a48-57dd-467a-9d99-503908714996}]
@DACL=(02 0000)
@="ControlUpdate Class"
"AppID"="{015A4199-B904-4E9B-B7FD-8870A290569E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BA8FA0D6-C5F1-4492-A25F-078FB704DE99}]
@DACL=(02 0000)
@="AudioEffectLibrary.StereoProcessorPage"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BB0EDC32-1939-4004-AE58-B310B14D0946}]
@DACL=(02 0000)
@="Splash"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bb107ba8-c685-48a7-bc43-1ed8f6c1677a}]
@DACL=(02 0000)
@="PlayLoopedButton Class"
"AppID"="{6C9A9A5F-CF69-4D76-8DDC-55C552340928}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BB32FBED-A8CC-41A8-8A15-3F6D5E3D25C7}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BB37EFA1-7BA6-437D-99AA-16E023451DE2}]
@DACL=(02 0000)
@="ULXDiscCompiler Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bb58849b-79e4-4607-9f20-8e41626db623}]
@DACL=(02 0000)
@="NMBAction Class"
"AppID"="{4E505BB4-9521-4DDE-8F82-336604ADF01B}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC07DA8B-262D-42DD-BE69-1090E3D61479}]
@DACL=(02 0000)
@="NeroSearchFilterModificationTime Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC08386A-9952-40CD-BA50-9541D64A4B4E}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC0FDBFF-1075-4E6B-ABB6-70DF437EDB25}]
@DACL=(02 0000)
@="Mirror: Horizontal"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC198A31-AD6F-4475-AE87-537A050EA53F}]
@DACL=(02 0000)
@="ArcSoft Realtime Capture Encoder Filter"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC198A32-AD6F-4475-AE87-537A050EA53F}]
@DACL=(02 0000)
@="ArcSoft Realtime Capture Encoder Setting"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC29A660-30E3-11d0-9E69-00C04FD7C15B}]
@DACL=(02 0000)
@="WDM Streaming VPE Property Set Interface Handler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC5C2E00-D852-47EF-B170-60B095D16586}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC91CA41-D7BA-4EAB-A416-0469496CBA3C}]
@DACL=(02 0000)
@="DXBridge.DXPropSheet"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bc91ed21-e702-44e5-aa88-9f2f70e986c6}]
@DACL=(02 0000)
@="UserDlgHandler Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC939A5D-2009-4A06-A97B-2FF7CF7D9D0D}]
@DACL=(02 0000)
@="AudioEffectLibrary.SurroundReverbPlugIn"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD198FBE-F48F-4B2F-98A2-49E30BA3BB3E}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD20C278-FA54-4F7D-8930-1ED3CEF2C1E5}]
@DACL=(02 0000)
@="SubPicTimerStream Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD25C9E9-DD7C-4ECC-8DF8-C526BB751C45}]
@DACL=(02 0000)
@="NBCalendar Control 3"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD351036-74A1-4904-AB72-5625C8E9CB18}]
@DACL=(02 0000)
@="DCdBuilder Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD51FC13-DF3E-4DF5-93F7-0B2CA9D86B0C}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD606F29-5B18-4FAF-9853-7F02CCE1E853}]
@DACL=(02 0000)
@="EIO Manager"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bd87748e-31c3-4224-9f2e-3374671e85f7}]
@DACL=(02 0000)
@="NMVideoContentHandler Class"
"AppID"="{5BB9749E-DD3F-459F-8865-64A208D020EA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD8C6EB6-9190-4A6E-AD56-9FB41F9491BA}]
@DACL=(02 0000)
@="ArcSoft MP4Muxer Setting"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDB77E7A-D94E-4ccc-9B73-F7DBB4FFED97}]
@DACL=(02 0000)
@="NMTTranscode0DirectShowDefaultSessionFactoryInProc Class"
"AppID"="{29EB903B-19F4-4F20-959A-87AD70EFD39B}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}]
@DACL=(02 0000)
@="Microsoft Tabbed Dialog Control 6.0 (SP5)"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDC9B245-12B2-44C6-A884-5C0B5075F53E}]
@DACL=(02 0000)
@="BackWeb Client Files Access Via Directory"
"AppID"="{BDC9B245-12B2-44C6-A884-5C0B5075F53E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BE27DE18-F318-41B2-AFCC-F28702278684}]
@DACL=(02 0000)
@="AudioEffectLibrary.VoiceTweakerPage"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{be63d0b5-b390-491f-9b21-8dd9a8fa4bba}]
@DACL=(02 0000)
@="NMBAppGlobalSettingsFavouriteTransitions Class"
"AppID"="{3D261FC4-4BE7-41A7-BA15-DB9FC39E3792}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{be948da6-a8e7-4c66-ab0c-3015fce93e00}]
@DACL=(02 0000)
@="TransformGUIConnect Class"
"AppID"="{015A4199-B904-4E9B-B7FD-8870A290569E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEE5207B-14CC-4435-A763-E389A1405E66}]
@DACL=(02 0000)
@="ULXDVDStream Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF27441E-CDCD-4659-AEBE-06F6E069714E}]
@DACL=(02 0000)
@="Screen Capture Filter Task Page"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF3128DD-55B8-11D4-8ED4-00E07D815373}]
@DACL=(02 0000)
@="MBProgressBar.ProgressBar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF3128E6-55B8-11D4-8ED4-00E07D815373}]
@DACL=(02 0000)
@="MBProgressBar.pagGeneral"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF36E503-6CF5-4B18-9B59-A91868AA2237}]
@DACL=(02 0000)
@="Nero FilterInfo Properties"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bf404da2-7d3b-11d3-b9e5-00c04f79e399}]
@DACL=(02 0000)
@="RstrProgress Class"
"AppID"="{4E5C175A-7DB9-11D3-B9E5-00C04F79E399}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF53F2AF-4E62-4986-BA1B-ECC1816BFDB7}]
@DACL=(02 0000)
@="LdsStmRead Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF61440A-CE30-44EB-A854-44426449D21D}]
@DACL=(02 0000)
@="Straight Scroller"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF8C5A0F-C6DA-44A5-915E-B07D47295EB3}]
@DACL=(02 0000)
@="AudioEffectLibrary.MultiTapDelayPlugIn"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF90FB01-D663-4421-8F5F-9B83C3606B9A}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}]
@DACL=(02 0000)
@="IE Shell Rebar BandSite"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFCB490B-B2A4-401D-AEE1-C0CDB1474DD1}]
@DACL=(02 0000)
@="Nero Scout Control"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFCB965B-580B-45F3-B13D-A2329DEDFC03}]
@DACL=(02 0000)
@="Popping Characters"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c0275218-f46e-4597-9a6b-9c3bd0755628}]
@DACL=(02 0000)
@="NMCFStringStringDictionary Class"
"AppID"="{44B7557A-465A-41DB-B2DD-6CD1BB58C800}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c04936b1-c7ca-4bb9-9d60-74841fbb3893}]
@DACL=(02 0000)
@="NMDSUriAccessProviderGetObjectMetaData Class"
"AppID"="{5B6B7FA0-1598-46B0-A586-96DA77C19844}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c04f1516-2630-48c5-986d-7a84f4ead92f}]
@DACL=(02 0000)
@="BrowseButton Class"
"AppID"="{6C9A9A5F-CF69-4D76-8DDC-55C552340928}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C071C982-2EB2-4D3A-9821-E4B31B0142C8}]
@DACL=(02 0000)
@="Scheme Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c17bc5f7-ba71-46be-88e2-6b7b04e1740b}]
@DACL=(02 0000)
@="NMHDSPluginRadioChannels Class"
"AppID"="{F7CA8AF7-6AD6-410B-B770-0E6223E9DDEF}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}]
@DACL=(02 0000)
"Vendor"="{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
"FriendlyName"="N-Channel Format Converter"
"Version"="1.0.0.0"
"SpecVersion"="1.0.0.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c18d5e87-12b4-46a3-ae40-67cf39bc6758}]
@DACL=(02 0000)
@="WinFX Bootstrapper for .xps"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}]
@DACL=(02 0000)
@="IE Microsoft Docking Bar Property Bag"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2316705-49F3-46a6-B178-FD617FA235D8}]
@DACL=(02 0000)
@="LmpgInfo Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C27BB47A-8823-4613-8C32-ADEBB5959985}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2A17604-1C2D-4096-BC73-7A2FD9B2FFAB}]
@DACL=(02 0000)
@="Mirror: Vertical"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2A723EC-9C68-42C6-9BEA-52D103661409}]
@DACL=(02 0000)
@="NMBGMonitorControl Class"
"AppID"="{9485CA40-B927-4F13-8D97-D36ACBFE6B9E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c2bfc7d6-fb81-478d-a590-d428533751d5}]
@DACL=(02 0000)
@="NMSSEffect0AnimationFactory Class"
"AppID"="{0A399995-8A84-484A-8A58-1492BF805F91}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2BFE331-6739-4270-86C9-493D9A04CD38}]
@DACL=(02 0000)
@="DisplayConfig Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c2c4f00a-720e-4389-aeb9-e9c4b0d93c6f}]
@DACL=(02 0000)
@="InformationCardElementBehaviorFactory Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2C99FA5-CA27-4ee2-804D-04E0054414C0}]
@DACL=(02 0000)
@="BackWeb ClientExt Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2D44141-7563-11D5-8C11-0050BA17CEE2}]
@DACL=(02 0000)
@="CyberLink Load Image Property"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2F1EEE2-9120-459C-8089-F54C9E15B886}]
@DACL=(02 0000)
@="ULXDirectCD Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C332C124-340D-4430-AA0D-C75602876FCC}]
@DACL=(02 0000)
@="CUIPower Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c3bd2e3f-45c6-45f6-94ab-2706b0f185a1}]
@DACL=(02 0000)
@="NMHDSPluginDevicesDV Class"
"AppID"="{F7CA8AF7-6AD6-410B-B770-0E6223E9DDEF}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C447080C-D0C3-48AE-B31E-BB3E93591C69}]
@DACL=(02 0000)
@="WMEnc DV Timecode Reader"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C4534263-0195-4053-9294-E913443A5F8D}]
@DACL=(02 0000)
@="NeroRCManager Class"
"AppID"="{CB0CCC20-210B-454E-88F8-0BDAD40A4060}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C47B04A8-266F-4977-9EA7-C1F9580E38F7}]
@DACL=(02 0000)
@="NMDSUriAccessProviderSetObjectThumbnail Class"
"AppID"="{5B6B7FA0-1598-46B0-A586-96DA77C19844}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C482F15A-1498-4AE8-94A9-4DE5E58DFEBF}]
@DACL=(02 0000)
@="Nero Scout Cleanup"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C48DEE99-A419-47B9-878D-586DB7A42775}]
@DACL=(02 0000)
@="AudioEffectLibrary.ReanaloguePage"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c49a347e-3469-4c86-9811-5b98106178fa}]
@DACL=(02 0000)
@="NMFullTextRtfExtractor Class"
"AppID"="{2394E7B8-EA93-4731-B99D-F747EDC8DCFA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C4B8CA0E-4270-4C7A-B0E3-0B9F0F0A336F}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C4EB6B0E-D072-4FA1-915A-3F60A18D1A3A}]
@DACL=(02 0000)
@="Vertical Flipping Characters"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C50CD0A8-3818-4942-8480-E5D988BA65AC}]
@DACL=(02 0000)
@="NOSWebDirectory Class"
"AppID"="{D32D6B65-38E6-4756-81ED-68AC9994D7B1}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5799BF6-11A3-484A-9897-0B3CD4828F6D}]
@DACL=(02 0000)
@="Acid"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5C4B2C9-D6A0-4865-B947-F718BD8070B6}]
@DACL=(02 0000)
@="Arcsoft WMV/ASF Splitter"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5C99024-3A99-4097-AD4E-79C25FFF1C46}]
@DACL=(02 0000)
@="ControlDeviceMapper.ControlMapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5E265B5-7573-4CC8-A316-ED0522CD6C60}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5F9370B-E232-464F-BE29-A885B1248193}]
@DACL=(02 0000)
@="ArcSoft H.264 Splitter"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5FACC37-F8C4-4849-8AAB-1553CDAEB59B}]
@DACL=(02 0000)
@="Duotone"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5FEF23A-14D1-431A-93FF-BD45376FF6AB}]
@DACL=(02 0000)
@="AudioEffectLibrary.DummyEffect"
.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP