Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Bluescreen problem [Solved]


  • This topic is locked This topic is locked

#1
utcol2

utcol2

    Member

  • Member
  • PipPip
  • 47 posts

Recently I have been having problems with bluescreens occurring randomly. I think it may be because a forum I often browse is known to be running on a server infected with malware (supposed to redirect your browser to some inappropriate websites, although I run noscript on firefox, so the redirect is stopped). The forum admins insist that it is safe to browse, especially with noscript running on firefox, and whenever I have run malwarebytes since their server has been infected, nothing has been detected.

 

However, I still get these random bluescreens, and I also suspect that when Antivir tries to update, no updates are ever downloaded.

 

Thanks for your help in advance. :)

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by kir (administrator) on PC on 17-04-2015 01:24:01
Running from C:\Users\kir\Desktop
Loaded Profiles: kir (Available profiles: kir)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [638976 2007-04-03] (Chicony)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [56080 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-01-30] (SigmaTel, Inc.)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [40072 2007-05-04] (soft thinks)
HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [] => [X]
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\RunOnce: [Adobe Speed Launcher] => 1429228666
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\MountPoints2: {aa505fb2-82b7-11df-b7dd-00197edfd759} - F:\Startme.exe
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!

HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\Users\kir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.google...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.google...q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...s=PTB&M=M-6821b
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {B832163C-FC7D-4766-916D-D0727C113D57} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000 -> {105D2601-A980-4C49-B0BF-B1E2B030E357} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000 -> {B832163C-FC7D-4766-916D-D0727C113D57} URL = http://www.google.co...age={startPage}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-15] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-02-20] (Zeon Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-15] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-02-20] (Zeon Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} http://appdown.naver.../NLiveCastX.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://ac100web.lse....ull/awswaxf.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {FE9CE737-7BA6-451D-A4E0-EB4599D46FD6} http://www.melon.com...eXInstaller.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: https://www.google.c...p_VGOOU0AWlooFA
FF Keyword.URL: https://uk.search.ya...370D20140714&p=
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll [2007-09-28] (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-05-16] ( )
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3409986712-3818737891-1182124187-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2011-03-02] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3409986712-3818737891-1182124187-1000: electronicarts.com/GameFacePlugin -> C:\Users\kir\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2010-12-13] (Electronic Arts)
FF Plugin HKU\S-1-5-21-3409986712-3818737891-1182124187-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008-09-19] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-03-05] (Apple Inc.)
FF SearchPlugin: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\searchplugins\siteadvisor.xml [2007-12-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-01-21]
FF Extension: Segurança do navegador Avira - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\[email protected] [2015-04-01]
FF Extension: Chromifox Basic - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\[email protected] [2010-03-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-08]
FF Extension: FoxyTunes - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-24]
FF Extension: EPUBReader - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-03-20]
FF Extension: Full Flat - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E} [2010-01-30]
FF Extension: QuickRestart - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD} [2010-01-30]
FF Extension: NoScript - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Adblock Plus - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-05]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-04-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-01]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2008-07-27]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-05]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08]
CHR Extension: (Google Docs) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08]
CHR Extension: (Google Drive) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (YouTube) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08]
CHR Extension: (Google Search) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08]
CHR Extension: (Google Sheets) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08]
CHR Extension: (SiteAdvisor) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-08]
CHR Extension: (Avira Browser Safety) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08]
CHR Extension: (Bookmark Manager) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08]
CHR Extension: (Gmail) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [815352 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-02-19] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [144672 2008-02-27] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832 2015-03-11] (IBM Corp.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [69792 2014-06-04] (Absolute Software Corp.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
S3 AF05BDA; C:\Windows\System32\drivers\AF05BDA.sys [117376 2007-09-18] (AfaTech                  )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 BUFADPT; C:\Windows\system32\BUFADPT.SYS [11008 2007-01-11] (BUFFALO INC.) [File not signed]
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [78848 2014-11-18] (Intel  Corporation)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28688 2007-04-11] (Logitech, Inc.)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R1 RapportBuka; C:\Windows\system32\drivers\RapportBuka.sys [390528 2010-02-27] (Trusteer Ltd.) [File not signed]
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys [472152 2015-02-24] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2015-03-11] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2015-03-11] (IBM Corp.)
S3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2015-03-11] (IBM Corp.)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [650240 2007-01-30] (SigmaTel, Inc.)
S3 tapvpn; C:\Windows\System32\DRIVERS\tapvpn.sys [27136 2008-01-23] (The OpenVPN Project) [File not signed]
S3 u2kg54l; C:\Windows\System32\DRIVERS\u2kg54l.sys [863288 2007-04-02] (Atheros Communications, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-14] (Chicony Electronics Co., Ltd.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\kir\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 01:24 - 2015-04-17 01:25 - 00029330 _____ () C:\Users\kir\Desktop\FRST.txt
2015-04-17 01:22 - 2015-04-17 01:23 - 01137152 _____ (Farbar) C:\Users\kir\Desktop\FRST.exe
2015-04-17 00:51 - 2015-04-17 00:57 - 00009634 _____ () C:\Windows\WindowsUpdate.log
2015-04-17 00:49 - 2015-04-17 00:49 - 00000310 _____ () C:\Windows\PFRO.log
2015-04-16 17:44 - 2015-04-16 17:44 - 00345034 _____ () C:\Users\kir\Desktop\my_fake_wedding_red_dress_ink_numbered_paperback__.epub
2015-04-09 14:33 - 2015-04-09 14:33 - 00625459 _____ () C:\Users\kir\Desktop\bed_of_roses_daisy_waugh_.epub
2015-04-07 19:25 - 2015-04-07 19:25 - 00490070 _____ () C:\Users\kir\Desktop\the_precious_one_de_los_santos_marisa.epub
2015-04-07 19:24 - 2015-04-07 19:24 - 00275269 _____ () C:\Users\kir\Desktop\silver_wedding_binchy_maeve.epub
2015-04-07 19:22 - 2015-04-07 19:22 - 00419998 _____ () C:\Users\kir\Desktop\tara_road_binchy_maeve.epub
2015-04-07 19:21 - 2015-04-07 19:21 - 00495294 _____ () C:\Users\kir\Desktop\what_a_girl_wants_kelk_lindsey.epub
2015-04-05 17:31 - 2015-04-05 17:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 01:24 - 2014-06-02 03:01 - 00000000 ____D () C:\FRST
2015-04-17 01:22 - 2011-04-26 13:13 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-17 01:21 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 01:21 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 00:57 - 2011-04-26 13:13 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-17 00:52 - 2007-03-20 00:01 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2015-04-17 00:49 - 2014-05-16 13:42 - 00017408 _____ () C:\Windows\system32\rpcnetp.dll
2015-04-17 00:49 - 2007-03-20 00:07 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-04-17 00:49 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-17 00:48 - 2014-06-02 03:09 - 00000000 ____D () C:\AdwCleaner
2015-04-17 00:36 - 2008-06-12 15:40 - 00000000 ____D () C:\Windows\Minidump
2015-04-16 06:13 - 2007-06-29 18:52 - 00007460 _____ () C:\Windows\bthservsdp.dat
2015-04-16 06:13 - 2006-11-02 14:01 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-15 18:13 - 2012-04-11 09:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 18:13 - 2011-06-21 17:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 22:18 - 2011-11-28 21:41 - 00000000 ____D () C:\Users\kir\Documents\Lib Stuff
2015-04-14 18:29 - 2013-09-18 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-04-09 14:38 - 2014-09-12 16:15 - 00000000 ____D () C:\Users\kir\Desktop\New Folder
2015-04-09 14:26 - 2014-12-28 19:12 - 00000000 ____D () C:\Users\kir\Desktop\New Folder (2)
2015-04-08 14:48 - 2015-02-09 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-08 14:48 - 2014-08-07 15:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-08 14:47 - 2012-10-17 00:44 - 00000000 ____D () C:\Program Files\Avira
2015-04-05 21:16 - 2012-04-26 01:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-05 16:42 - 2014-07-08 16:45 - 00000080 _____ () C:\Users\kir\Desktop\gn.txt
2015-04-04 23:01 - 2015-02-23 19:52 - 00000000 ____D () C:\Users\kir\Desktop\m
2015-04-03 16:39 - 2015-01-08 18:55 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-01 15:05 - 2012-10-17 00:50 - 00000000 ____D () C:\Users\kir\AppData\Roaming\Avira
2015-04-01 15:03 - 2012-10-17 00:44 - 00000000 ____D () C:\ProgramData\Avira
2015-03-26 19:31 - 2007-09-22 16:16 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-26 01:02 - 2014-12-02 23:17 - 00000453 _____ () C:\Users\kir\Desktop\RenewDates.txt
2015-03-24 20:02 - 2014-04-16 16:36 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

==================== Files in the root of some directories =======

2011-08-30 19:17 - 2011-08-30 19:17 - 0000268 ___RH () C:\Users\kir\AppData\Roaming\Trumpet Section
2011-08-30 19:18 - 2011-08-30 19:18 - 0000268 ___RH () C:\Users\kir\AppData\Roaming\Tuner
2011-08-30 19:18 - 2011-08-30 19:18 - 0000268 ___RH () C:\Users\kir\AppData\Roaming\URLs
2007-09-05 17:47 - 2009-09-09 18:03 - 0000412 _____ () C:\Users\kir\AppData\Roaming\wklnhst.dat
2009-01-10 19:46 - 2013-07-29 18:28 - 0006648 _____ () C:\Users\kir\AppData\Local\d3d9caps.dat
2007-09-05 17:43 - 2013-02-01 17:08 - 0079872 _____ () C:\Users\kir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-10-07 20:39 - 2009-05-05 21:48 - 0000600 _____ () C:\Users\kir\AppData\Local\PUTTY.RND
2012-02-03 07:07 - 2012-02-03 07:07 - 0003774 _____ () C:\ProgramData\114la.ico
2007-12-02 18:51 - 2013-05-22 20:51 - 0002137 _____ () C:\ProgramData\hpzinstall.log
2011-08-30 19:18 - 2011-08-30 19:18 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-08-30 19:17 - 2011-08-30 19:17 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-08-30 19:18 - 2011-08-30 19:18 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2011-08-30 19:17 - 2011-08-30 19:17 - 0000268 ___RH () C:\ProgramData\User Pictures
2011-08-30 19:18 - 2011-08-30 19:18 - 0000268 ___RH () C:\ProgramData\Utilities
2011-08-30 19:18 - 2011-08-30 19:18 - 0000268 ___RH () C:\ProgramData\Vocal Transformer

Files to move or delete:
====================
C:\Windows\Tasks\{0CB00D08-A61A-4182-96EC-B43D9BB2AC7A}.job
C:\Windows\Tasks\{86B3E4E6-B77B-4110-A9D8-BCFC436CCC79}.job
C:\Windows\Tasks\{F800DEF9-BE9B-4A49-B488-98FD495915BB}.job


Some content of TEMP:
====================
C:\Users\kir\AppData\Local\Temp\avgnt.exe
C:\Users\kir\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-17 00:58

==================== End Of Log ============================

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by kir at 2015-04-17 01:26:12
Running from C:\Users\kir\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe InDesign CS4 (HKLM\...\Adobe_1710d324011afc3e7658e969025f4ba) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIO_Scan (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
C4380_Help (Version: 90.0.189.000 - Hewlett-Packard) Hidden
C5200 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
C5200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Camera Assistant Software for Gateway (HKLM\...\{39098402-3F7A-4257-A4AE-FC1181D1B40B}) (Version: 1.7.022.0430 - Chicony Electronics Co.,Ltd.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG4200 series User Registration (HKLM\...\Canon MG4200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2447-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Chinese Traditional Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2448-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version:  - )
Creative System Information (HKLM\...\SysInfo) (Version:  - )
Crystal Ball (HKLM\...\{2967D5BC-740B-4422-B019-5560DA932F15}) (Version: 11.1.63.0 - Crystal Ball)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
Dia (remove only) (HKLM\...\Dia) (Version:  - )
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
EA SPORTS Gameface Browser Plugin 1.3.1.0 (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\EA SPORTS Gameface Browser Plugin) (Version: 1.3.1.0 - Electronic Arts)
Far Cry (Patch 1.4) (Version: 1.00.0000 - Ubisoft) Hidden
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GanttProject (HKLM\...\GanttProject) (Version:  - )
GanttProject 2.0.9 (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\GanttProject 2.0.9) (Version:  - GanttProject Team)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.027 - Gateway)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
K-Lite Mega Codec Pack 10.0.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Kotor Tool (HKLM\...\Kotor Tool) (Version:  - )
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maple 11 (HKLM\...\Maple 11) (Version: 11.0.0.0 - Maplesoft)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Media Go (HKLM\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.106.06300 (HKLM\...\{073B10F3-AD7B-4083-FDE4-EF552EA7362D}) (Version: 2.12.106.06300 - Sony)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0080 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Moto Contacts Tool (HKLM\...\{018C7ADA-ED29-413F-BE57-2200A0FEFC06}) (Version: 1.00.0007 - Motorola)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 37.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-GB)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Server 4.1 (HKLM\...\{FF2705ED-8734-417D-A854-4EA3F679CCC5}) (Version: 4.1.22 - MySQL AB)
Network Play System (Patching) (HKLM\...\Network Play System (Patching)) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.4.49.0 - Nokia)
Nokia Suite (Version: 3.4.49.0 - Nokia) Hidden
Nuance PDF Professional 5 (HKLM\...\{20ECF3EE-4F7B-40ED-98E7-8CA63FC69F14}) (Version: 5.00.3233 - Nuance Communications, Inc)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PanoStandAlone (Version: 100.0.170.000 - Hewlett-Packard) Hidden
PC Connectivity Solution (HKLM\...\{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}) (Version: 12.0.17.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PlayStation®Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.03.00126 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 3.2.11.09227 - Sony Computer Entertainment Inc.)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PS_AIO_02_ProductContext (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1404.84 - Trusteer) Hidden
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (Version:  - ) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sony Ericsson Device Data (Version: 1.0.32 - Sony Ericsson) Hidden
Sony Ericsson Drivers (Version: 1.0.28 - Sony Ericsson) Hidden
Sony Ericsson PC Suite (HKLM\...\{D6BF6477-8369-489F-8DE6-3731F4B88560}) (Version: 2.10.46 - )
Sony Ericsson PC Suite (Version: 2.10.37 - Sony Ericsson) Hidden
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: 4.5.3.0 - Husdawg, LLC)
The Sims Livin' it up (HKLM\...\{49D4FCCF-45D6-11D4-8F73-0050DA0F6297}) (Version:  - )
The Sims Makin' Magic (HKLM\...\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}) (Version:  - )
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.84 - Trusteer)
Unity Web Player (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Service (HKLM\...\Update Service) (Version: 2.10.7.15 - Sony Ericsson Mobile Communications AB)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 -  )
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZEN Vision:M Series Media Explorer (HKLM\...\ZEN Vision:M Series Media Explorer) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{067B4B81-B1EC-489F-B111-940EBDC44EBE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{0E890F83-5F79-11D1-9043-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{1DCB3A00-33ED-11D3-8470-00C04F79DBC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{25BAAD81-3560-11D3-8471-00C04F79DBC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F4CF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{30C3B080-30FB-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3484F78F-F8CE-4CF3-914F-10F1A76BF0D5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{385A91BC-1E8A-4E4A-A7A6-F4FC1E6CA1BD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3F30C968-480A-4C6C-862D-EFC0897BB84B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4063BE15-3B08-470D-A0D5-B37161CFFD69}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4315D437-5B8C-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\kir\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4657278A-411B-11D2-839A-00C04FD918D0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4CB26C03-FF93-11D0-817E-0000F87557DB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4FD2A832-86C8-11D0-8FCA-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{527C9A9B-B9A2-44B0-84F9-F0DC11C2BCFB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{5C4094D7-4213-4C40-9E33-16A2D2D69EF2}\InprocServer32 -> C:\Program Files\Sony\PlayStation Store\StoreDrmUtility.dll (Sony Computer Entertainment Inc.)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{5DC5B31E-0C28-4679-B8D8-32CF2F9BACED}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6263C176-0876-4B04-8DE0-44AB74489D72}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6935DB93-21E8-4CCC-BEB9-9FE3C77A297A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6A01FDA0-30DF-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6E8D4A20-310C-11D0-B79A-00AA003767A7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{77F7F122-20B0-4117-A2FB-059D1FC88256}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{7D9070AB-371A-4614-A964-D21BDFE1030B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{81397204-F51A-4571-8D7B-DC030521AABD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{85E94D25-0712-47ED-8CDE-B0971177C6A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{875CB1A1-0F29-45DE-A1AE-CFB4950D0B78}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{8E85D0CE-DEAF-4EA1-9410-FD1A2105CEB5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{8F170678-2A97-4D59-89A1-7A0A71C1B677}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{9B8C4620-2C1A-11D0-8493-00A02438AD48}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{A7EE7F34-3BD1-427F-9231-F941E9B7E1FE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{ADC6CB82-424C-11D2-952A-00C04FA34F05}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{C206F324-BB45-4765-93FF-3BCA7306FF2E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CBD32ACD-3033-5DC4-AF3E-A32955785032}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CD8743A1-3736-11D0-9E69-00C04FD7C15B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CE292861-FC88-11D0-9E69-00C04FD7C15B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{D1FE6762-FC48-11D0-883A-3C8B00C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E03E85B0-7BE3-4000-BA98-6C13DE9FA486}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E1F1A0B8-BEEE-490D-BA7C-066C40B5E2B9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E3E478D6-A2F2-4791-89A3-21F5C78DC3EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> No File Path

==================== Restore Points  =========================

01-04-2015 16:13:01 Scheduled Checkpoint
04-04-2015 02:05:08 Windows Update
05-04-2015 16:49:10 Scheduled Checkpoint
07-04-2015 20:07:31 Scheduled Checkpoint
08-04-2015 01:42:55 Windows Update
08-04-2015 15:49:02 Scheduled Checkpoint
10-04-2015 15:05:33 Scheduled Checkpoint
11-04-2015 01:22:51 Windows Update
12-04-2015 02:57:29 Installed Chinese Simplified Fonts Support For Adobe Reader X.
14-04-2015 18:28:43 Installed Rapport
15-04-2015 01:42:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2007-09-08 12:48 - 00178248 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1    babe.the-killer.bz
127.0.0.1    www.babe.the-killer.bz
127.0.0.1    babe.k-lined.com
127.0.0.1    www.babe.k-lined.com
127.0.0.1    did.i-used.cc
127.0.0.1    www.did.i-used.cc
127.0.0.1    coolwwwsearch.com
127.0.0.1    www.coolwwwsearch.com
127.0.0.1    coolwebsearch.com
127.0.0.1    www.coolwebsearch.com
127.0.0.1    hi.studioaperto.net
127.0.0.1    www.hi.studioaperto.net
127.0.0.1    wazzupnet.com
127.0.0.1    www.wazzupnet.com
127.0.0.1    gueb.com
127.0.0.1    www.gueb.com
127.0.0.1    kabex.com
127.0.0.1    www.kabex.com
127.0.0.1    hityou.com
127.0.0.1    www.hityou.com
127.0.0.1    miosearch.com
127.0.0.1    www.miosearch.com
127.0.0.1    blue-elefant.com
127.0.0.1    www.blue-elefant.com
127.0.0.1    babeweb.de
127.0.0.1    www.babeweb.de
127.0.0.1    start-seite.com
127.0.0.1    www.start-seite.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16C4E370-E6EC-4CC8-AC56-73EFFF6235FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {228C0041-F747-4ED3-A345-D120C2BE7882} - System32\Tasks\Microsoft\Windows\RestartManager\{40FF92F9-5952-4115-A106-7A530C9EFA9F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {2D2A5167-F886-4751-B474-4F64CC32D776} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3409986712-3818737891-1182124187-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2EBCA8EB-E63C-4B9C-BC70-138141499F35} - System32\Tasks\{A59FEC0E-20A6-4A52-8F43-B664F8BF1A8A} => pcalua.exe -a C:\Users\kir\Desktop\ComboFix.exe -d C:\Users\kir\Desktop
Task: {3F53BFEB-AF78-4DF5-8523-F600B9DACB38} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {47E7A8FF-F674-455E-A73F-3DA36CA74F2C} - System32\Tasks\Microsoft\Windows\RestartManager\{3F1DB646-2AC6-413b-AE84-09ECA4FBD948} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {665B26E7-3C0B-4268-959A-199585431F1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6B58BB98-6868-4309-B118-A08A4EAE2530} - System32\Tasks\Microsoft\Windows\RestartManager\{85BB0742-CBCC-49fa-B0C2-91CF9FCF11C3} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {841D2791-9E8A-44C7-ADDF-3C637FDFE49C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - kir => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {88131826-F0A2-4A4B-AA56-840049560A8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {B2F76297-BFEE-4D90-BA12-7BFE273416AD} - System32\Tasks\Microsoft\Windows\RestartManager\{B18D328B-2298-4de5-B450-16A2E8E8B2EE} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {E5706851-D6A5-42ED-A217-60A0E1EA333D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3409986712-3818737891-1182124187-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{0CB00D08-A61A-4182-96EC-B43D9BB2AC7A}.job => C:\Program Files\BlazeVideo\BlazeDTV 2.5a\scheduleCall.exe
Task: C:\Windows\Tasks\{86B3E4E6-B77B-4110-A9D8-BCFC436CCC79}.job => C:\Program Files\BlazeVideo\BlazeDTV 2.5a\scheduleCall.exe
Task: C:\Windows\Tasks\{F800DEF9-BE9B-4A49-B488-98FD495915BB}.job => C:\Program Files\BlazeVideo\BlazeDTV 2.5a\scheduleCall.exe

==================== Loaded Modules (whitelisted) ==============

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-07-27 19:51 - 2009-02-13 13:44 - 00117264 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll
2008-07-27 19:51 - 2009-02-13 13:44 - 00071696 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
2008-07-27 19:51 - 2009-02-13 13:44 - 00207376 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
2007-09-19 17:04 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2008-02-27 02:09 - 2008-02-27 02:09 - 02560000 _____ () C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2007-06-29 18:56 - 2007-04-30 21:06 - 05020160 _____ () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
2013-10-01 02:36 - 2013-09-12 19:00 - 03502080 _____ () C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:981884E7

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kir\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^kir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk => C:\Windows\pss\ViiKiiDesktopPlugin.lnk.Startup
MSCONFIG\startupreg: BigFix => c:\program files\Bigfix\bigfix.exe /atstartup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CTSyncU.exe => "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-3409986712-3818737891-1182124187-500 - Administrator - Disabled)
Guest (S-1-5-21-3409986712-3818737891-1182124187-501 - Limited - Disabled)
kir (S-1-5-21-3409986712-3818737891-1182124187-1000 - Administrator - Enabled) => C:\Users\kir

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2015 00:57:43 AM) (Source: LoadPerf) (EventID: 3002) (User: )
Description: :16

Error: (04/17/2015 00:51:22 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index metadata cannot be read.   0xc0041801 (0xc0041801)

Error: (04/17/2015 00:50:23 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index metadata cannot be read.   (0xc0041801)

Error: (04/17/2015 00:50:23 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index metadata cannot be read.   (0xc0041801)

Error: (04/17/2015 00:50:23 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.   (0x80070490)

Error: (04/17/2015 00:50:01 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index metadata cannot be read.   (0xc0041801)

Error: (04/17/2015 00:50:01 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  )

Error: (04/17/2015 00:49:57 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  )

Error: (04/17/2015 00:32:08 AM) (Source: LoadPerf) (EventID: 3002) (User: )
Description: >16

Error: (04/17/2015 00:26:01 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/09/2011 02:15:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 146 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/20/2010 08:51:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7629 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (12/03/2009 01:52:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30596 seconds with 5160 seconds of active time.  This session ended with a crash.

Error: (11/25/2009 03:39:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16893 seconds with 10440 seconds of active time.  This session ended with a crash.

Error: (12/02/2008 09:11:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/30/2008 03:58:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/30/2008 03:16:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/29/2008 07:12:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/29/2008 06:57:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 85 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/29/2008 06:46:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 51 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-04-17 01:25:10.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 01:25:10.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 01:25:09.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 01:25:09.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 01:25:09.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 01:25:08.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 01:25:08.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 01:25:08.433
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 01:25:08.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 01:25:07.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 80%
Total physical RAM: 2037.69 MB
Available physical RAM: 406.46 MB
Total Pagefile: 4316.6 MB
Available Pagefile: 2321.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.2 GB) (Free:30.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:9.85 GB) (Free:3.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 7BD1F01D)
Partition 1: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=139.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 


  • 0

Advertisements


#2
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Truly you are infected with a Zero Access rootkit.



warning.gif Backdoor warning!

Unfortunately your machine seems to be heavy compromised by a Backdoor Trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files. My advice for this moment:
  • Disconnect this machine from the internet.
  • Change your online passwords from a well-known clean computer (not this one!).
  • It would be also wise to inform financial institutions about your situation - see here.
Many experts believe that the best action should be reformat and reinstall, but I think that we can still be able to clean this one and return it to its normal funcionality (with no security guarantee afterwards, as this is a very severe type of infection).
  • If you plan to rather reinstall your system, let me know if I could provide any help during that procedure.
  • If you wish to omit the reinstallation, just please proceed with the next steps directed.
I believe that we can kill this nasty bad guy :thumbsup:



MalwarebytesAntiRootkit.png Scan with Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save the file to your desktop.
Note that the tool is still in its BETA stage, therefore not all functionalities may be added.
  • Right-click on MalwarebytesAntiRootkit.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you for an extraction place - make sure you will unpack it to your desktop.
  • After the extraction, the tool should start itself (no action required).
  • On the Introduction screen click Next.
  • On the Update screen click Update.
  • When prompted about the succesful update, click Next.
  • On the Scan System screen, make sure that all three options
    • Drivers
    • Sectors
    • System
    are checked for scanning and press Scan.
Wait patiently and don't do anything on your machine while MBAR goes through your system!
  • If no infection is found, just close the tool.
  • If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.
When finished (either with or without cleanup), please navigate to the MBAR directory.
Search there for these two files:
> mbar-log-date(time).txt
> system-log.txt
Please include the content of both files in your reply.
  • 0

#3
utcol2

utcol2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Hi Naat, thanks for your help.

 

If I did reinstall my system, would this wipe out all my program files and documents?

 

Anyway, I proceeded with the Malwarebytes Anti-Rootkit scan, and it said no infection was found. Here are the logs:

 

 

 

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.17.04
  rootkit: v2015.03.31.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
kir :: PC [administrator]

2015-04-17 19:26
mbar-log-2015-04-17 (19-26-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 370266
Time elapsed: 23 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

 

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 2136674304, free: 671064064

Downloaded database version: v2015.04.17.04
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.04.06.02
=======================================
Initializing...
------------ Kernel report ------------
     04/17/2015 19:25:31
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\NETw5v32.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\seehcri.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
\??\C:\Windows\system32\drivers\RapportBuka.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Windows\system32\BUFADPT.SYS
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\UVCFTR_S.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\DRIVERS\IntelHaxm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\drivers\RTSTOR.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.04.17.04
  rootkit: v2015.03.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87909390, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87928d20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87909390, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87342878, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86e0f030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7BD1F01D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 20659527

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20659590  Numsec = 291917115
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-20659590-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


  • 0

#4
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Yes, a complete reinstall requires a reformat so you'l lose all your program files, programs and all present there files.

I am quite surprised that MBAR wasn't able to catch ZA.

Should we proceed with the cleaning or you'd rather wish to reformat/reinstall?
  • 0

#5
utcol2

utcol2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Can we proceed with the cleaning please. I'd rather not lose my files unless it is absolutely necessary. Thanks again :)
  • 0

#6
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)


OK, let's continue fixing you up.



FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif


Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses: 
    HKLM\...\Command Processor:  <======= ATTENTION
    HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [] => [X]
    HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
    HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
    HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!
    HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
    HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    C:\Windows\Tasks\{0CB00D08-A61A-4182-96EC-B43D9BB2AC7A}.job
    C:\Windows\Tasks\{86B3E4E6-B77B-4110-A9D8-BCFC436CCC79}.job
    C:\Windows\Tasks\{F800DEF9-BE9B-4A49-B488-98FD495915BB}.job
    CMD: bitsadmin /reset /allusers
    RemoveProxy:
    EmptyTemp:
    Reboot: 
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
  • 0

#7
utcol2

utcol2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Hi again :) I have finished running the fix. The Fixlog is as follows:

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-04-2015
Ran by kir at 2015-04-19 00:36:09 Run:1
Running from C:\Users\kir\Desktop
Loaded Profiles: kir (Available profiles: kir)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [] => [X]
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
C:\Windows\Tasks\{0CB00D08-A61A-4182-96EC-B43D9BB2AC7A}.job
C:\Windows\Tasks\{86B3E4E6-B77B-4110-A9D8-BCFC436CCC79}.job
C:\Windows\Tasks\{F800DEF9-BE9B-4A49-B488-98FD495915BB}.job
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully.
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
"HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
"HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}" => Key deleted successfully.
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found.
"HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Tasks\{0CB00D08-A61A-4182-96EC-B43D9BB2AC7A}.job => Moved successfully.
C:\Windows\Tasks\{86B3E4E6-B77B-4110-A9D8-BCFC436CCC79}.job => Moved successfully.
C:\Windows\Tasks\{F800DEF9-BE9B-4A49-B488-98FD495915BB}.job => Moved successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

{4CDB74E0-564E-4A20-A409-4B7E610DB957} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 166.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 02:43:42 ====


  • 0

#8
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
OK, the fix went fine. Now time to take a look at the services.



FarbarServiceScanner.png Scan with Farbar Service Scanner

Download Farbar Service Scanner by Farbar and save it to your desktop.
  • Right-click on FarbarServiceScanner.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Make sure all of the options are checked!
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
Please include that log in your next reply.
  • 0

#9
utcol2

utcol2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Here's the service log. Thanks again!




Farbar Service Scanner Version: 17-01-2015
Ran by kir (administrator) on 20-04-2015 at 16:29:04
Running from "C:\Users\kir\Desktop"
Microsoft® Windows Vista Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll =&gt; File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys =&gt; File is digitally signed
C:\Windows\system32\dhcpcsvc.dll =&gt; File is digitally signed
C:\Windows\system32\Drivers\afd.sys =&gt; File is digitally signed
C:\Windows\system32\Drivers\tdx.sys =&gt; File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys =&gt; File is digitally signed
C:\Windows\system32\dnsrslvr.dll =&gt; File is digitally signed
C:\Windows\system32\mpssvc.dll =&gt; File is digitally signed
C:\Windows\system32\bfe.dll =&gt; File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys =&gt; File is digitally signed
C:\Windows\system32\SDRSVC.dll =&gt; File is digitally signed
C:\Windows\system32\vssvc.exe =&gt; File is digitally signed
C:\Windows\system32\wscsvc.dll =&gt; File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll =&gt; File is digitally signed
C:\Windows\system32\wuaueng.dll =&gt; File is digitally signed
C:\Windows\system32\qmgr.dll =&gt; File is digitally signed
C:\Windows\system32\es.dll =&gt; File is digitally signed
C:\Windows\system32\cryptsvc.dll =&gt; File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll =&gt; File is digitally signed
C:\Windows\system32\ipnathlp.dll =&gt; File is digitally signed
C:\Windows\system32\iphlpsvc.dll =&gt; File is digitally signed
C:\Windows\system32\svchost.exe =&gt; File is digitally signed
C:\Windows\system32\rpcss.dll =&gt; File is digitally signed


**** End of log ****

Edited by utcol2, 20 April 2015 - 09:34 AM.

  • 0

#10
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Great, looks like FixDamage from MBAR did it's job.



FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
  • 0

Advertisements


#11
utcol2

utcol2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Hi again. I have the logs below. I also noticed that my Windows Update always can't check for updates. Is this a related problem, or something different? Thank you for all the help :)

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015
Ran by kir (administrator) on PC on 21-04-2015 00:06:26
Running from C:\Users\kir\Desktop
Loaded Profiles: kir (Available profiles: kir)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [638976 2007-04-03] (Chicony)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [56080 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-01-30] (SigmaTel, Inc.)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [40072 2007-05-04] (soft thinks)
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\RunOnce: [Adobe Speed Launcher] => 1429539426
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\MountPoints2: {aa505fb2-82b7-11df-b7dd-00197edfd759} - F:\Startme.exe
Startup: C:\Users\kir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.google...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.google...q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...s=PTB&M=M-6821b
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {B832163C-FC7D-4766-916D-D0727C113D57} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000 -> {105D2601-A980-4C49-B0BF-B1E2B030E357} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000 -> {B832163C-FC7D-4766-916D-D0727C113D57} URL = http://www.google.co...age={startPage}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-15] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-02-20] (Zeon Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-15] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-02-20] (Zeon Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} http://appdown.naver.../NLiveCastX.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://ac100web.lse....ull/awswaxf.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {FE9CE737-7BA6-451D-A4E0-EB4599D46FD6} http://www.melon.com...eXInstaller.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: https://www.google.c...p_VGOOU0AWlooFA
FF Keyword.URL: https://uk.search.ya...370D20140714&p=
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll [2007-09-28] (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-05-16] ( )
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3409986712-3818737891-1182124187-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2011-03-02] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3409986712-3818737891-1182124187-1000: electronicarts.com/GameFacePlugin -> C:\Users\kir\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2010-12-13] (Electronic Arts)
FF Plugin HKU\S-1-5-21-3409986712-3818737891-1182124187-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008-09-19] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-03-05] (Apple Inc.)
FF SearchPlugin: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\searchplugins\siteadvisor.xml [2007-12-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-01-21]
FF Extension: Segurança do navegador Avira - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\[email protected] [2015-04-01]
FF Extension: Chromifox Basic - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\[email protected] [2010-03-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-08]
FF Extension: FoxyTunes - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-24]
FF Extension: EPUBReader - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-04-19]
FF Extension: Full Flat - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E} [2010-01-30]
FF Extension: QuickRestart - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD} [2010-01-30]
FF Extension: NoScript - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Adblock Plus - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-05]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-04-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-01]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2008-07-27]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-05]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08]
CHR Extension: (Google Docs) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08]
CHR Extension: (Google Drive) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (YouTube) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08]
CHR Extension: (Google Search) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08]
CHR Extension: (Google Sheets) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08]
CHR Extension: (SiteAdvisor) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-08]
CHR Extension: (Avira Browser Safety) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08]
CHR Extension: (Bookmark Manager) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08]
CHR Extension: (Gmail) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [815352 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-02-19] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [144672 2008-02-27] (Nuance Communications, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832 2015-03-11] (IBM Corp.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [69792 2014-06-04] (Absolute Software Corp.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
S3 AF05BDA; C:\Windows\System32\drivers\AF05BDA.sys [117376 2007-09-18] (AfaTech                  )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 BUFADPT; C:\Windows\system32\BUFADPT.SYS [11008 2007-01-11] (BUFFALO INC.) [File not signed]
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [78848 2014-11-18] (Intel  Corporation)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28688 2007-04-11] (Logitech, Inc.)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R1 RapportBuka; C:\Windows\system32\drivers\RapportBuka.sys [390528 2010-02-27] (Trusteer Ltd.) [File not signed]
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys [472152 2015-02-24] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2015-03-11] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2015-03-11] (IBM Corp.)
S3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2015-03-11] (IBM Corp.)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [650240 2007-01-30] (SigmaTel, Inc.)
S3 tapvpn; C:\Windows\System32\DRIVERS\tapvpn.sys [27136 2008-01-23] (The OpenVPN Project) [File not signed]
S3 u2kg54l; C:\Windows\System32\DRIVERS\u2kg54l.sys [863288 2007-04-02] (Atheros Communications, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-14] (Chicony Electronics Co., Ltd.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\kir\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 16:27 - 2015-04-20 16:29 - 00002353 _____ () C:\Users\kir\Desktop\FSS.txt
2015-04-20 16:26 - 2015-04-20 16:26 - 00415232 _____ (Farbar) C:\Users\kir\Desktop\FSS.exe
2015-04-17 19:25 - 2015-04-17 19:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-17 19:22 - 2015-04-17 19:49 - 00000000 ____D () C:\Users\kir\Desktop\mbar
2015-04-17 19:20 - 2015-04-17 19:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kir\Desktop\mbar-1.09.1.1004.exe
2015-04-17 01:26 - 2015-04-17 01:42 - 00059257 _____ () C:\Users\kir\Desktop\Addition.txt
2015-04-17 01:24 - 2015-04-21 00:07 - 00028351 _____ () C:\Users\kir\Desktop\FRST.txt
2015-04-17 01:22 - 2015-04-19 00:35 - 01137664 _____ (Farbar) C:\Users\kir\Desktop\FRST.exe
2015-04-17 00:51 - 2015-04-21 00:06 - 00170572 _____ () C:\Windows\WindowsUpdate.log
2015-04-07 19:21 - 2015-04-07 19:21 - 00495294 _____ () C:\Users\kir\Desktop\what_a_girl_wants_kelk_lindsey.epub
2015-04-05 17:31 - 2015-04-05 17:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 00:06 - 2014-06-02 03:01 - 00000000 ____D () C:\FRST
2015-04-21 00:01 - 2011-04-26 13:13 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-21 00:00 - 2011-04-26 13:13 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-21 00:00 - 2007-03-20 00:01 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2015-04-20 19:11 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 19:11 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 15:11 - 2014-05-16 13:42 - 00017408 _____ () C:\Windows\system32\rpcnetp.dll
2015-04-20 15:11 - 2007-03-20 00:07 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-04-20 15:11 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 05:55 - 2007-06-29 18:52 - 00007460 _____ () C:\Windows\bthservsdp.dat
2015-04-20 05:55 - 2006-11-02 14:01 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-17 20:02 - 2015-01-08 18:55 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-17 19:25 - 2014-04-16 16:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-17 19:22 - 2014-04-14 19:04 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-17 14:10 - 2014-12-28 19:12 - 00000000 ____D () C:\Users\kir\Desktop\New Folder (2)
2015-04-17 14:10 - 2014-09-12 16:15 - 00000000 ____D () C:\Users\kir\Desktop\New Folder
2015-04-17 00:48 - 2014-06-02 03:09 - 00000000 ____D () C:\AdwCleaner
2015-04-17 00:36 - 2008-06-12 15:40 - 00000000 ____D () C:\Windows\Minidump
2015-04-15 18:13 - 2012-04-11 09:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 18:13 - 2011-06-21 17:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 22:18 - 2011-11-28 21:41 - 00000000 ____D () C:\Users\kir\Documents\Lib Stuff
2015-04-14 18:29 - 2013-09-18 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-04-08 14:48 - 2015-02-09 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-08 14:48 - 2014-08-07 15:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-08 14:47 - 2012-10-17 00:44 - 00000000 ____D () C:\Program Files\Avira
2015-04-05 21:16 - 2012-04-26 01:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-05 16:42 - 2014-07-08 16:45 - 00000080 _____ () C:\Users\kir\Desktop\gn.txt
2015-04-04 23:01 - 2015-02-23 19:52 - 00000000 ____D () C:\Users\kir\Desktop\m
2015-04-01 15:05 - 2012-10-17 00:50 - 00000000 ____D () C:\Users\kir\AppData\Roaming\Avira
2015-04-01 15:03 - 2012-10-17 00:44 - 00000000 ____D () C:\ProgramData\Avira
2015-03-26 19:31 - 2007-09-22 16:16 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-26 01:02 - 2014-12-02 23:17 - 00000453 _____ () C:\Users\kir\Desktop\RenewDates.txt

==================== Files in the root of some directories =======

2011-08-30 19:17 - 2011-08-30 19:17 - 0000268 ___RH () C:\Users\kir\AppData\Roaming\Trumpet Section
2011-08-30 19:18 - 2011-08-30 19:18 - 0000268 ___RH () C:\Users\kir\AppData\Roaming\Tuner
2011-08-30 19:18 - 2011-08-30 19:18 - 0000268 ___RH () C:\Users\kir\AppData\Roaming\URLs
2007-09-05 17:47 - 2009-09-09 18:03 - 0000412 _____ () C:\Users\kir\AppData\Roaming\wklnhst.dat
2009-01-10 19:46 - 2013-07-29 18:28 - 0006648 _____ () C:\Users\kir\AppData\Local\d3d9caps.dat
2007-09-05 17:43 - 2013-02-01 17:08 - 0079872 _____ () C:\Users\kir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-10-07 20:39 - 2009-05-05 21:48 - 0000600 _____ () C:\Users\kir\AppData\Local\PUTTY.RND
2012-02-03 07:07 - 2012-02-03 07:07 - 0003774 _____ () C:\ProgramData\114la.ico
2007-12-02 18:51 - 2013-05-22 20:51 - 0002137 _____ () C:\ProgramData\hpzinstall.log
2011-08-30 19:18 - 2011-08-30 19:18 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-08-30 19:17 - 2011-08-30 19:17 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-08-30 19:18 - 2011-08-30 19:18 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2011-08-30 19:17 - 2011-08-30 19:17 - 0000268 ___RH () C:\ProgramData\User Pictures
2011-08-30 19:18 - 2011-08-30 19:18 - 0000268 ___RH () C:\ProgramData\Utilities
2011-08-30 19:18 - 2011-08-30 19:18 - 0000268 ___RH () C:\ProgramData\Vocal Transformer

Some content of TEMP:
====================
C:\Users\kir\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-20 15:24

==================== End Of Log ============================

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-04-2015
Ran by kir at 2015-04-21 00:08:03
Running from C:\Users\kir\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe InDesign CS4 (HKLM\...\Adobe_1710d324011afc3e7658e969025f4ba) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIO_Scan (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
C4380_Help (Version: 90.0.189.000 - Hewlett-Packard) Hidden
C5200 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
C5200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Camera Assistant Software for Gateway (HKLM\...\{39098402-3F7A-4257-A4AE-FC1181D1B40B}) (Version: 1.7.022.0430 - Chicony Electronics Co.,Ltd.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG4200 series User Registration (HKLM\...\Canon MG4200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2447-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Chinese Traditional Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2448-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version:  - )
Creative System Information (HKLM\...\SysInfo) (Version:  - )
Crystal Ball (HKLM\...\{2967D5BC-740B-4422-B019-5560DA932F15}) (Version: 11.1.63.0 - Crystal Ball)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
Dia (remove only) (HKLM\...\Dia) (Version:  - )
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
EA SPORTS Gameface Browser Plugin 1.3.1.0 (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\EA SPORTS Gameface Browser Plugin) (Version: 1.3.1.0 - Electronic Arts)
Far Cry (Patch 1.4) (Version: 1.00.0000 - Ubisoft) Hidden
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GanttProject (HKLM\...\GanttProject) (Version:  - )
GanttProject 2.0.9 (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\GanttProject 2.0.9) (Version:  - GanttProject Team)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.027 - Gateway)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
K-Lite Mega Codec Pack 10.0.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Kotor Tool (HKLM\...\Kotor Tool) (Version:  - )
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maple 11 (HKLM\...\Maple 11) (Version: 11.0.0.0 - Maplesoft)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Media Go (HKLM\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.106.06300 (HKLM\...\{073B10F3-AD7B-4083-FDE4-EF552EA7362D}) (Version: 2.12.106.06300 - Sony)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0080 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Moto Contacts Tool (HKLM\...\{018C7ADA-ED29-413F-BE57-2200A0FEFC06}) (Version: 1.00.0007 - Motorola)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 37.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-GB)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Server 4.1 (HKLM\...\{FF2705ED-8734-417D-A854-4EA3F679CCC5}) (Version: 4.1.22 - MySQL AB)
Network Play System (Patching) (HKLM\...\Network Play System (Patching)) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.4.49.0 - Nokia)
Nokia Suite (Version: 3.4.49.0 - Nokia) Hidden
Nuance PDF Professional 5 (HKLM\...\{20ECF3EE-4F7B-40ED-98E7-8CA63FC69F14}) (Version: 5.00.3233 - Nuance Communications, Inc)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PanoStandAlone (Version: 100.0.170.000 - Hewlett-Packard) Hidden
PC Connectivity Solution (HKLM\...\{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}) (Version: 12.0.17.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PlayStation®Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.03.00126 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 3.2.11.09227 - Sony Computer Entertainment Inc.)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PS_AIO_02_ProductContext (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1404.84 - Trusteer) Hidden
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (Version:  - ) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sony Ericsson Device Data (Version: 1.0.32 - Sony Ericsson) Hidden
Sony Ericsson Drivers (Version: 1.0.28 - Sony Ericsson) Hidden
Sony Ericsson PC Suite (HKLM\...\{D6BF6477-8369-489F-8DE6-3731F4B88560}) (Version: 2.10.46 - )
Sony Ericsson PC Suite (Version: 2.10.37 - Sony Ericsson) Hidden
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: 4.5.3.0 - Husdawg, LLC)
The Sims Livin' it up (HKLM\...\{49D4FCCF-45D6-11D4-8F73-0050DA0F6297}) (Version:  - )
The Sims Makin' Magic (HKLM\...\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}) (Version:  - )
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.84 - Trusteer)
Unity Web Player (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Service (HKLM\...\Update Service) (Version: 2.10.7.15 - Sony Ericsson Mobile Communications AB)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 -  )
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZEN Vision:M Series Media Explorer (HKLM\...\ZEN Vision:M Series Media Explorer) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{067B4B81-B1EC-489F-B111-940EBDC44EBE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{0E890F83-5F79-11D1-9043-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{1DCB3A00-33ED-11D3-8470-00C04F79DBC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{25BAAD81-3560-11D3-8471-00C04F79DBC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F4CF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{30C3B080-30FB-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3484F78F-F8CE-4CF3-914F-10F1A76BF0D5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{385A91BC-1E8A-4E4A-A7A6-F4FC1E6CA1BD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3F30C968-480A-4C6C-862D-EFC0897BB84B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4063BE15-3B08-470D-A0D5-B37161CFFD69}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4315D437-5B8C-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\kir\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4657278A-411B-11D2-839A-00C04FD918D0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4CB26C03-FF93-11D0-817E-0000F87557DB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{4FD2A832-86C8-11D0-8FCA-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{527C9A9B-B9A2-44B0-84F9-F0DC11C2BCFB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{5C4094D7-4213-4C40-9E33-16A2D2D69EF2}\InprocServer32 -> C:\Program Files\Sony\PlayStation Store\StoreDrmUtility.dll (Sony Computer Entertainment Inc.)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{5DC5B31E-0C28-4679-B8D8-32CF2F9BACED}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6263C176-0876-4B04-8DE0-44AB74489D72}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6935DB93-21E8-4CCC-BEB9-9FE3C77A297A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6A01FDA0-30DF-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{6E8D4A20-310C-11D0-B79A-00AA003767A7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{77F7F122-20B0-4117-A2FB-059D1FC88256}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{7D9070AB-371A-4614-A964-D21BDFE1030B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{81397204-F51A-4571-8D7B-DC030521AABD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{85E94D25-0712-47ED-8CDE-B0971177C6A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{875CB1A1-0F29-45DE-A1AE-CFB4950D0B78}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{8E85D0CE-DEAF-4EA1-9410-FD1A2105CEB5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{8F170678-2A97-4D59-89A1-7A0A71C1B677}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{9B8C4620-2C1A-11D0-8493-00A02438AD48}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{A7EE7F34-3BD1-427F-9231-F941E9B7E1FE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{ADC6CB82-424C-11D2-952A-00C04FA34F05}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{C206F324-BB45-4765-93FF-3BCA7306FF2E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CBD32ACD-3033-5DC4-AF3E-A32955785032}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CD8743A1-3736-11D0-9E69-00C04FD7C15B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CE292861-FC88-11D0-9E69-00C04FD7C15B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{D1FE6762-FC48-11D0-883A-3C8B00C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E03E85B0-7BE3-4000-BA98-6C13DE9FA486}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E1F1A0B8-BEEE-490D-BA7C-066C40B5E2B9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E3E478D6-A2F2-4791-89A3-21F5C78DC3EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> No File Path

==================== Restore Points  =========================

04-04-2015 02:05:08 Windows Update
05-04-2015 16:49:10 Scheduled Checkpoint
07-04-2015 20:07:31 Scheduled Checkpoint
08-04-2015 01:42:55 Windows Update
08-04-2015 15:49:02 Scheduled Checkpoint
10-04-2015 15:05:33 Scheduled Checkpoint
11-04-2015 01:22:51 Windows Update
12-04-2015 02:57:29 Installed Chinese Simplified Fonts Support For Adobe Reader X.
14-04-2015 18:28:43 Installed Rapport
15-04-2015 01:42:34 Windows Update
18-04-2015 01:48:24 Windows Update
19-04-2015 00:36:12 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2007-09-08 12:48 - 00178248 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1    babe.the-killer.bz
127.0.0.1    www.babe.the-killer.bz
127.0.0.1    babe.k-lined.com
127.0.0.1    www.babe.k-lined.com
127.0.0.1    did.i-used.cc
127.0.0.1    www.did.i-used.cc
127.0.0.1    coolwwwsearch.com
127.0.0.1    www.coolwwwsearch.com
127.0.0.1    coolwebsearch.com
127.0.0.1    www.coolwebsearch.com
127.0.0.1    hi.studioaperto.net
127.0.0.1    www.hi.studioaperto.net
127.0.0.1    wazzupnet.com
127.0.0.1    www.wazzupnet.com
127.0.0.1    gueb.com
127.0.0.1    www.gueb.com
127.0.0.1    kabex.com
127.0.0.1    www.kabex.com
127.0.0.1    hityou.com
127.0.0.1    www.hityou.com
127.0.0.1    miosearch.com
127.0.0.1    www.miosearch.com
127.0.0.1    blue-elefant.com
127.0.0.1    www.blue-elefant.com
127.0.0.1    babeweb.de
127.0.0.1    www.babeweb.de
127.0.0.1    start-seite.com
127.0.0.1    www.start-seite.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DDC18C3-EE4C-4ACD-BBC9-3D7EC73E008C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - kir => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {16C4E370-E6EC-4CC8-AC56-73EFFF6235FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {228C0041-F747-4ED3-A345-D120C2BE7882} - System32\Tasks\Microsoft\Windows\RestartManager\{40FF92F9-5952-4115-A106-7A530C9EFA9F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {2D2A5167-F886-4751-B474-4F64CC32D776} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3409986712-3818737891-1182124187-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2EBCA8EB-E63C-4B9C-BC70-138141499F35} - System32\Tasks\{A59FEC0E-20A6-4A52-8F43-B664F8BF1A8A} => pcalua.exe -a C:\Users\kir\Desktop\ComboFix.exe -d C:\Users\kir\Desktop
Task: {47E7A8FF-F674-455E-A73F-3DA36CA74F2C} - System32\Tasks\Microsoft\Windows\RestartManager\{3F1DB646-2AC6-413b-AE84-09ECA4FBD948} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {63F0888E-2C25-4113-9680-7BC1AAEDE350} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {665B26E7-3C0B-4268-959A-199585431F1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6B58BB98-6868-4309-B118-A08A4EAE2530} - System32\Tasks\Microsoft\Windows\RestartManager\{85BB0742-CBCC-49fa-B0C2-91CF9FCF11C3} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {88131826-F0A2-4A4B-AA56-840049560A8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {B2F76297-BFEE-4D90-BA12-7BFE273416AD} - System32\Tasks\Microsoft\Windows\RestartManager\{B18D328B-2298-4de5-B450-16A2E8E8B2EE} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {E5706851-D6A5-42ED-A217-60A0E1EA333D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3409986712-3818737891-1182124187-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-09-19 17:04 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2008-02-27 02:09 - 2008-02-27 02:09 - 02560000 _____ () C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-07-27 19:51 - 2009-02-13 13:44 - 00117264 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll
2008-07-27 19:51 - 2009-02-13 13:44 - 00071696 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
2008-07-27 19:51 - 2009-02-13 13:44 - 00207376 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:981884E7

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kir\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^kir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk => C:\Windows\pss\ViiKiiDesktopPlugin.lnk.Startup
MSCONFIG\startupreg: BigFix => c:\program files\Bigfix\bigfix.exe /atstartup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CTSyncU.exe => "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-3409986712-3818737891-1182124187-500 - Administrator - Disabled)
Guest (S-1-5-21-3409986712-3818737891-1182124187-501 - Limited - Disabled)
kir (S-1-5-21-3409986712-3818737891-1182124187-1000 - Administrator - Enabled) => C:\Users\kir

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2015 00:00:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16912989

Error: (04/21/2015 00:00:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16912989

Error: (04/21/2015 00:00:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2015 04:23:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 315153

Error: (04/20/2015 04:23:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 315153

Error: (04/20/2015 04:23:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2015 03:19:53 PM) (Source: LoadPerf) (EventID: 3002) (User: )
Description: < SQ舸ẶS谀군"er舾Ặ0蠀16

Error: (04/20/2015 03:09:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (03/20/2007 00:01:46 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/19/2015 07:34:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9906


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/09/2011 02:15:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 146 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/20/2010 08:51:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7629 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (12/03/2009 01:52:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30596 seconds with 5160 seconds of active time.  This session ended with a crash.

Error: (11/25/2009 03:39:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16893 seconds with 10440 seconds of active time.  This session ended with a crash.

Error: (12/02/2008 09:11:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/30/2008 03:58:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/30/2008 03:16:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/29/2008 07:12:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/29/2008 06:57:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 85 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/29/2008 06:46:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 51 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-04-21 00:07:45.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 00:07:45.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 00:07:45.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 00:07:45.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 00:07:11.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 00:07:11.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 00:07:10.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 00:07:10.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 00:07:10.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 00:07:10.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 51%
Total physical RAM: 2037.69 MB
Available physical RAM: 996.45 MB
Total Pagefile: 4316.6 MB
Available Pagefile: 2661.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.2 GB) (Free:29.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:9.85 GB) (Free:3.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 7BD1F01D)
Partition 1: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=139.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


Edited by utcol2, 20 April 2015 - 05:28 PM.

  • 0

#12
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
We'll check Windows updates later, first I want to have a clean machine to install anything more there.



JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
Please include the contents of that file in your reply.
  • 0

#13
utcol2

utcol2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

OK, thanks. Here are the logs:

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.0 (04.20.2015:1)
OS: Windows Vista ™ Home Premium x86
Ran by kir on 2015-04-22 at  0:37:45.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\bigfix



~~~ FireFox

Emptied folder: C:\Users\kir\AppData\Roaming\mozilla\firefox\profiles\uqbwghbl.default\minidumps [292 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-04-22 at  0:44:31.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

# AdwCleaner v4.201 - Logfile created 22/04/2015 at 01:01:34
# Updated 08/04/2015 by Xplode
# Database : 2015-04-21.3 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : kir - PC
# Running from : C:\Users\kir\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\kir\AppData\Roaming\download Manager
Folder Deleted : C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Key Deleted : HKCU\Software\Local AppWizard-Generated Applications

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v37.0.1 (x86 en-GB)


-\\ Google Chrome v42.0.2311.90

[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flliilndjeohchalpbbcdekjklbdgfkk
[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

*************************

AdwCleaner[R6].txt - [1227 bytes] - [15/03/2015 03:43:50]
AdwCleaner[R7].txt - [1034 bytes] - [17/04/2015 00:47:18]
AdwCleaner[R8].txt - [15619 bytes] - [22/04/2015 00:55:22]
AdwCleaner[S6].txt - [1296 bytes] - [15/03/2015 03:47:36]
AdwCleaner[S7].txt - [1096 bytes] - [17/04/2015 00:48:15]
AdwCleaner[S8].txt - [1960 bytes] - [22/04/2015 01:01:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2019  bytes] ##########
 


  • 0

#14
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Go to the C:\AdwCleaner folder and post me please these logfiles:

R7
R8
S7
  • 0

#15
utcol2

utcol2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

OK, here they are:

 

 

# AdwCleaner v3.216 - Report created 17/04/2015 at 00:47:18
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : kir - PC
# Running from : C:\Users\kir\Desktop\adwcleaner_3.216.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v37.0.1 (x86 en-GB)

[ File : C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\prefs.js ]


-\\ Google Chrome v41.0.2272.118

[ File : C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R6].txt - [1227 octets] - [15/03/2015 03:43:50]
AdwCleaner[R7].txt - [836 octets] - [17/04/2015 00:47:18]
AdwCleaner[S6].txt - [1296 octets] - [15/03/2015 03:47:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [955 octets] ##########
 

 

 

 

 

 

# AdwCleaner v4.201 - Logfile created 22/04/2015 at 00:55:22
# Updated 08/04/2015 by Xplode
# Database : 2015-04-21.3 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : kir - PC
# Running from : C:\Users\kir\Desktop\adwcleaner_4.201.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
Folder Found : C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Folder Found : C:\Users\kir\AppData\Roaming\download Manager

***** [ Scheduled tasks ] *****

Task Found : Express FilesUpdate
Task Found : RunAsStdUser Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Local AppWizard-Generated Applications
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v37.0.1 (x86 en-GB)


-\\ Google Chrome v42.0.2311.90

[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : flliilndjeohchalpbbcdekjklbdgfkk
[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",
         "usage_count": 0
      }
   },
   "extensions": {
      "settings": {
         "aapocclcgogkmnckokdopfmhonfmgoek": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "zm",
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 137,
            "disable_reasons": 1,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "initial_keybindings_set": true,
            "install_time": "13067631497468000",
            "lastpingday": "13072950007518788",
            "location": 1,
            "manifest": {
               "api_console_project_id": "889782162350",
               "app": {
                  "launch": {
                     "local_path": "main.html"
                  }
               },
               "container": "GOOGLE_DRIVE",
               "current_locale": "en_US",
               "default_locale": "en_US",
               "description": "Create and edit presentations ",
               "icons": {
                  "128": "icon_128.png",
                  "16": "icon_16.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLOGW2Hoztw8m2z6SmCjm7y4Oe2o6aRqO+niYKCXhZab572by7acqFIFF0On3e3a967SwNijsTx2n+7Mt3KqWzEKtnwUZqzHYSsdZZK64vWIHIduawP0EICWRMf2RGIBEdDC6I1zErtcDiSrJWeRlnb0DHWXDXlt1YseM7RiON9wIDAQAB",
               "manifest_version": 2,
               "name": "Google Slides",
               "offline_enabled": true,
               "update_url": "hxxps://clients2.google.com/service/update2/crx",
               "version": "0.9"
            },
            "page_ordinal": "n",
            "path": "aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "state": 0,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "ahfgeienlihckogmohjhadlkjgocpleb": {
            "active_permissions": {
               "api": [ "management", "system.display", "system.storage", "webstorePrivate", "system.cpu", "system.memory", "system.network" ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "t",
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 1,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "install_time": "13065213381178781",
            "location": 5,
            "manifest": {
               "app": {
                  "launch": {
                     "web_url": "hxxps://chrome.google.com/webstore"
                  },
                  "urls": [ "hxxps://chrome.google.com/webstore" ]
               },
               "description": "Discover great apps, games, extensions and themes for Google Chrome.",
               "icons": {
                  "128": "webstore_icon_128.png",
                  "16": "webstore_icon_16.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB",
               "name": "Web Store",
               "permissions": [ "webstorePrivate", "management", "system.cpu", "system.display", "system.memory", "system.network", "system.storage" ],
               "version": "0.2"
            },
            "page_ordinal": "n",
            "path": "C:\\Program Files\\Google\\Chrome\\Application\\39.0.2171.95\\resources\\web_store",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "aohghmighlieiainnegkcijnfilokake": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "w",
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 137,
            "disable_reasons": 1,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "initial_keybindings_set": true,
            "install_time": "13067631508166000",
            "lastpingday": "13072950007518788",
            "location": 1,
            "manifest": {
               "api_console_project_id": "619683526622",
               "app": {
                  "launch": {
                     "local_path": "main.html"
                  }
               },
               "container": "GOOGLE_DRIVE",
               "current_locale": "en_US",
               "default_locale": "en_US",
               "description": "Create and edit documents ",
               "icons": {
                  "128": "icon_128.png",
                  "16": "icon_16.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB",
               "manifest_version": 2,
               "name": "Google Docs",
               "offline_enabled": true,
               "update_url": "hxxps://clients2.google.com/service/update2/crx",
               "version": "0.9"
            },
            "page_ordinal": "n",
            "path": "aohghmighlieiainnegkcijnfilokake\\0.9_0",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "state": 0,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "apdfllckaahabafndbhieahigkjlhalf": {
            "ack_external": true,
            "active_permissions": {
               "api": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "y",
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 137,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": true,
            "granted_permissions": {
               "api": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "install_time": "13067631487996000",
            "lastpingday": "13072950007518788",
            "location": 1,
            "manifest": {
               "app": {
                  "launch": {
                     "web_url": "hxxps://drive.google.com/?usp=chrome_app"
                  },
                  "urls": [ "hxxp://docs.google.com/", "hxxp://drive.google.com/", "hxxps://docs.google.com/", "hxxps://drive.google.com/" ]
               },
               "background": {
                  "allow_js_access": false
               },
               "current_locale": "en_US",
               "default_locale": "en_US",
               "description": "Google Drive: create, share and keep all your stuff in one place.",
               "icons": {
                  "128": "128.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIl5KlKwL2TSkntkpY3naLLz5jsN0YwjhZyObcTOK6Nda4Ie21KRqZau9lx5SHcLh7pE2/S9OiArb+na2dn7YK5EvH+aRXS1ec3uxVlBhqLdnleVgwgwlg5fH95I52IeHcoeK6pR4hW/Nv39GNlI/Uqk6O6GBCCsAxYrdxww9BiQIDAQAB",
               "manifest_version": 2,
               "name": "Google Drive",
               "offline_enabled": true,
               "options_page": "hxxps://drive.google.com/settings",
               "permissions": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
               "update_url": "hxxps://clients2.google.com/service/update2/crx",
               "version": "6.4"
            },
            "page_ordinal": "n",
            "path": "apdfllckaahabafndbhieahigkjlhalf\\6.4_0",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "state": 1,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "bepbmhgboaologfdajaanbcjmnhjmhfn": {
            "disable_reasons": 1,
            "state": 0
         },
         "blpcfgokakmgnkcojhhkbfbldkacnbeo": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "z",
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 153,
            "events": [  ],
            "from_bookmark": true,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "install_time": "13067631515091000",
            "lastpingday": "13072950007518788",
            "location": 1,
            "manifest": {
               "app": {
                  "launch": {
                     "container": "tab",
                     "web_url": "hxxp://www.youtube.com/?feature=ytca"
                  },
                  "web_content": {
                     "enabled": true,
                     "origin": "hxxp://www.youtube.com"
                  }
               },
               "current_locale": "en_US",
               "default_locale": "en",
               "description": "The world's most popular online video community.",
               "icons": {
                  "128": "128.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB",
               "manifest_version": 2,
               "name": "YouTube",
               "update_url": "hxxp://clients2.google.com/service/update2/crx",
               "version": "4.2.7"
            },
            "page_ordinal": "n",
            "path": "blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.7_0",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "state": 1,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "coobgpohoikkiipiblmjeljniedjpjpf": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "yn",
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 153,
            "events": [  ],
            "from_bookmark": true,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "install_time": "13072297819166200",
            "lastpingday": "13072950007518788",
            "location": 1,
            "manifest": {
               "app": {
                  "launch": {
                     "web_url": "hxxp://www.google.com/webhp?source=search_app"
                  },
                  "urls": [ "*://www.google.com/search", "*://www.google.com/webhp", "*://www.google.com/imgres" ]
               },
               "current_locale": "en_US",
               "default_locale": "en",
               "description": "The fastest way to search the web.

*************************

AdwCleaner[R6].txt - [1227 bytes] - [15/03/2015 03:43:50]
AdwCleaner[R7].txt - [1034 bytes] - [17/04/2015 00:47:18]
AdwCleaner[R8].txt - [15361 bytes] - [22/04/2015 00:55:22]
AdwCleaner[S6].txt - [1296 bytes] - [15/03/2015 03:47:36]
AdwCleaner[S7].txt - [1096 bytes] - [17/04/2015 00:48:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [15539 bytes] ##########
 

 

 

 

# AdwCleaner v3.216 - Report created 17/04/2015 at 00:48:15
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : kir - PC
# Running from : C:\Users\kir\Desktop\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v37.0.1 (x86 en-GB)

[ File : C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\prefs.js ]


-\\ Google Chrome v41.0.2272.118

[ File : C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R6].txt - [1227 octets] - [15/03/2015 03:43:50]
AdwCleaner[R7].txt - [1034 octets] - [17/04/2015 00:47:18]
AdwCleaner[S6].txt - [1296 octets] - [15/03/2015 03:47:36]
AdwCleaner[S7].txt - [957 octets] - [17/04/2015 00:48:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1016 octets] ##########
 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP