
Bluescreen problem [Solved]


  • This topic is locked

#16
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
It's 2.30 am here and I am heading for bed. Will get through these tomorrow and I will come back to you :)
  • 0



#17
utcol2

    Member

  • Topic Starter
  • Member
  • 47 posts

Ok thanks a lot. Good night :)


  • 0

#18
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi,

I am sorry - I went to visit my family living in Belarus, there was a huge storm, we had 3 days without any electricity and the internet connection was totally broken down for almost two weeks. It's the first day I am able to reply and I am really sorry for that. Nobody expected that :(




Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    emptyclsid;
    firefoxlook;
    chromelook;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after the reboot. You may also find it on your main drive (usually the C:\ drive).
Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!
  • 0

#19
utcol2

    Member

  • Topic Starter
  • Member
  • 47 posts

Hi it's really no problem at all :) Thanks for your reply as always. Here is the log:

 

 

Zoek.exe v5.0.0.0 Updated 05-March-2015
Tool run by kir on 2015-05-04 at 19:39:51.78.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\kir\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2015-05-04 19:47:11 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\eGames deleted successfully
C:\Program Files\Gabest deleted successfully
C:\Program Files\Hewlett-Packard deleted successfully
C:\Program Files\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\MSN Games deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Panda Security deleted successfully
C:\Program Files\TLI deleted successfully
C:\Program Files\Tudou deleted successfully
C:\Program Files\Yahoo! deleted successfully
C:\PROGRA~2\BlazeVideo deleted successfully
C:\PROGRA~2\BlueStacksSetup deleted successfully
C:\PROGRA~2\Canon IJ Network Tool deleted successfully
C:\PROGRA~2\NokiaAccount deleted successfully
C:\PROGRA~2\WebEx deleted successfully
C:\PROGRA~2\WLInstaller deleted successfully
C:\Users\kir\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\kir\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\kir\AppData\Roaming\Naver deleted successfully
C:\Users\kir\AppData\Roaming\SampleView deleted successfully
C:\Users\kir\AppData\Roaming\UDown deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Internet Explorer\SearchScopes\{105D2601-A980-4C49-B0BF-B1E2B030E357} deleted successfully
HKEY_USERS\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2776AC96-B892-4EAF-BC9D-E567B313D34B} deleted successfully
HKEY_USERS\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2917327F-B496-446B-8A06-4AB915B4D315} deleted successfully
HKEY_USERS\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62BDC5C4-662A-4068-95BB-ED941D83E115} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\eGames not found
C:\Program Files\Gabest not found
C:\Program Files\Hewlett-Packard not found
C:\Program Files\Malwarebytes' Anti-Malware not found
C:\Program Files\MSN Games not found
C:\Program Files\Panda Security not found
C:\Program Files\TLI not found
C:\Program Files\Tudou not found
C:\Program Files\Yahoo! not found
C:\Windows\system32\appdata deleted
C:\PROGRA~2\115 deleted
C:\Users\kir\.android deleted
C:\found.000 deleted
C:\found.001 deleted
C:\Users\kir\AppData\Roaming\Yahoo! deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\kir\Downloads\HSS-1.04-install-anchorfree-76-conduit.exe deleted
C:\Windows\system32\tasks\RunAsStdUser Task deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\extensions\[email protected] deleted
"C:\Users\kir\AppData\Roaming\Trumpet Section" deleted
"C:\Users\kir\AppData\Roaming\Tuner" deleted
"C:\Users\kir\AppData\Roaming\URLs" deleted
"C:\ProgramData\User Pictures" deleted
"C:\ProgramData\Utilities" deleted
"C:\ProgramData\Vocal Transformer" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default
user_pref("browser.startup.homepage", "https://www.google.c...GOOU0AWlooFA");
user_pref("searchreset.backup.browser.startup.homepage", "https://www.google.c...yT0QXnuYHAAQ");
user_pref("browser.search.selectedEngine", "Secure Search");
user_pref("keyword.URL", "https://uk.search.ya...D20140714&p=");
user_pref("searchreset.backup.keyword.URL", "http://uk.search.yah...fr=mcafee&p=");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files\McAfee\SiteAdvisor" [2007-03-20 00:01]

==== Firefox Extensions ======================

ProfilePath: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default
- McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor
- Undetermined - {73a6fe31-595d-460b-a920-fcc0f8843232}
- Undetermined - {4ED1F68A-5463-4931-9384-8FFF5ED91D92}
- Chromifox Basic - %ProfilePath%\extensions\[email protected]
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- FoxyTunes - %ProfilePath%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
- EPUBReader - %ProfilePath%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
- Full Flat - %ProfilePath%\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
- QuickRestart - %ProfilePath%\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default
1FBB6E454767A5B43DD980C7DE5D89F6    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.5
4AD1613FEDB87B4B18CADE745235A625    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.5
81CB790A6AD230090086C644DC871FC3    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.5
233F187A5425045011A0DD51F8B48E0F    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.5
6B34823748BD3C10EB2816858025AFE9    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.5
647670C013AD60DA6F94B6881E6AC9E4    - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
39309FEDDFA73FAE29EC99A07A55A3E8    - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
98137411B9C632095F919E2CE70B288A    - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll -    Google Update
CD15C606597287BE108CCC672D5793EF    - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll -    Nokia Suite Enabler Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67    - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation
F045DF7AF127DC4BCC53421850114E15    - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll -    Silverlight Plug-In
E7006BB5611298DBDD03FE3519C19AC2    - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll -    Java™ Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18    - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 8.0.250.18
E14F0925B4ECE11FF0C1D53B155266C4    - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll -    DivX® Content Upload Plugin
3239619A441E23A20EC923DF92FF2D70    - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll -    CANON iMAGE GATEWAY Album Plugin Utility for IJ
54740489C66AFC8B78CF9A2893A5DA63    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
66640A55AEFF3819C94E0A8D40D7E0AD    - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll -    Shockwave for Director / Shockwave for Director
9AE02005247DA91AB1743F5208DBEF76    - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll -    Shockwave Flash
8B316809065BA74E3A4AE61EEB484076    - C:\Program Files\Sony\Media Go\npMediaGoDetector.dll -    Media Go Detector
E66945F023FC0B42DDCC81A37ED7E28F    - C:\Users\kir\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll -    Game Face Plugin
5EFDCE32D13D2C217BB9B1C0F8CBADB3    - C:\Users\kir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player
7D28153B7D586330678AD522B71D89CB    - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll -    Microsoft® Silverlight


==== Chromium Look ======================

Google Chrome Version: 42.0.2311.135 (Could not determine latest Stable Version)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx[2015-03-24 12:28]
ihenkjeihefokohmemphikjnjbmegdik - \C:\Program Files\Sony\Media Go\MediaGoDetector.crx\[]

SiteAdvisor - kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Bookmark Manager - kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://search.google...={searchTerms}"
"Search Page"="http://search.google...={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Start Page"="http://go.microsoft..../?LinkId=69157"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn...t/srchcust.htm"
"SearchAssistant"="http://ie.search.msn...t/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
{56B799F5-001C-4D51-B102-CB646059C307} Google  Url="http://www.google.co...=1I7GWYH_en-GB"
{B832163C-FC7D-4766-916D-D0727C113D57} Google  Url="http://www.google.co...ge={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ED292B4F-0409-E1C9-12A8-B50E00796067} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ihenkjeihefokohmemphikjnjbmegdik deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2 deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\kir\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=207 folders=54 1450415809 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\kir\AppData\Local\Temp will be emptied at reboot
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\kir\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\kir\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 2015-05-04 at 20:55:59.27 ======================
 


  • 0

#20
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)
Thanks for understanding


Please update me now on how your machine is behaving currently.


Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.


Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
  • 0

#21
utcol2

    Member

  • Topic Starter
  • Member
  • 47 posts

Hi, my machine had one bluescreen again before the time I ran the zoek scan. Windows Update still doesn't update, and Firefox is slow sometimes

 

I ran Malwarebytes and nothing was detected.

 

The ESET log is as follows:

 

 

 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8b839a0d4d14e44db0545c9493dfbfaa
# engine=23708
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-06 04:19:52
# local_time=2015-05-06 05:19:52 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 0 268418720 0 0
# scanned=329635
# found=8
# cleaned=0
# scan_time=27442
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=CAEA90FF6AE35993D781796ACC6CC6AE32DEA915 ft=1 fh=df18cb28db7e8800 vn="a variant of Win32/HotSpotShield potentially unwanted application" ac=I fn="C:\zoek_backup\C_Users_kir_Downloads_HSS-1.04-install-anchorfree-76-conduit.exe.vir"
sh=CA459B0BCD6822AAFE10B31073CFB43376CEFC9B ft=1 fh=f0e2815e046880ef vn="a variant of Win32/CompuTrace.A potentially unsafe application" ac=I fn="E:\Windows\System32\autochk.exe"
sh=CA459B0BCD6822AAFE10B31073CFB43376CEFC9B ft=1 fh=f0e2815e046880ef vn="a variant of Win32/CompuTrace.A potentially unsafe application" ac=I fn="E:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe"
 


Edited by utcol2, 05 May 2015 - 10:38 PM.

  • 0

#22
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
OK, just to review the logfiles once again.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
  • 0

#23
utcol2

    Member

  • Topic Starter
  • Member
  • 47 posts

Here are the logfiles :)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by kir (administrator) on PC on 06-05-2015 18:40:34
Running from C:\Users\kir\Desktop
Loaded Profiles: kir (Available profiles: kir)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [638976 2007-04-03] (Chicony)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [56080 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-01-30] (SigmaTel, Inc.)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [40072 2007-05-04] (soft thinks)
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\RunOnce: [Adobe Speed Launcher] => 1430920466
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\MountPoints2: {aa505fb2-82b7-11df-b7dd-00197edfd759} - F:\Startme.exe
Startup: C:\Users\kir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2007-09-17]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...s=PTB&M=M-6821b
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {B832163C-FC7D-4766-916D-D0727C113D57} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000 -> {B832163C-FC7D-4766-916D-D0727C113D57} URL = http://www.google.co...age={startPage}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-15] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-02-20] (Zeon Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-15] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-02-20] (Zeon Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} http://appdown.naver.../NLiveCastX.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://ac100web.lse....ull/awswaxf.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {FE9CE737-7BA6-451D-A4E0-EB4599D46FD6} http://www.melon.com...eXInstaller.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: https://www.google.c...p_VGOOU0AWlooFA
FF Keyword.URL: https://uk.search.ya...370D20140714&p=
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll [2007-09-28] (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-05-16] ( )
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3409986712-3818737891-1182124187-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2011-03-02] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3409986712-3818737891-1182124187-1000: electronicarts.com/GameFacePlugin -> C:\Users\kir\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2010-12-13] (Electronic Arts)
FF Plugin HKU\S-1-5-21-3409986712-3818737891-1182124187-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008-09-19] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-03-05] (Apple Inc.)
FF SearchPlugin: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\searchplugins\siteadvisor.xml [2007-12-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-01-21]
FF Extension: Chromifox Basic - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\[email protected] [2010-03-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-08]
FF Extension: FoxyTunes - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-24]
FF Extension: EPUBReader - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-04-19]
FF Extension: Full Flat - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E} [2010-01-30]
FF Extension: QuickRestart - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD} [2010-01-30]
FF Extension: NoScript - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Adblock Plus - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\uqbwghbl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-04-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-01]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2008-07-27]

Chrome:
=======
CHR Profile: C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-25]
CHR Extension: (Google Wallet) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-02-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [815352 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-04-10] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [144672 2008-02-27] (Nuance Communications, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832 2015-04-14] (IBM Corp.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-26] (Absolute Software Corp.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
S3 AF05BDA; C:\Windows\System32\drivers\AF05BDA.sys [117376 2007-09-18] (AfaTech                  )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 BUFADPT; C:\Windows\system32\BUFADPT.SYS [11008 2007-01-11] (BUFFALO INC.) [File not signed]
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [78848 2014-11-18] (Intel  Corporation)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28688 2007-04-11] (Logitech, Inc.)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R1 RapportBuka; C:\Windows\system32\drivers\RapportBuka.sys [390528 2010-02-27] (Trusteer Ltd.) [File not signed]
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys [472152 2015-02-24] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2015-04-14] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2015-04-14] (IBM Corp.)
S3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2015-04-14] (IBM Corp.)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [650240 2007-01-30] (SigmaTel, Inc.)
S3 tapvpn; C:\Windows\System32\DRIVERS\tapvpn.sys [27136 2008-01-23] (The OpenVPN Project) [File not signed]
S3 u2kg54l; C:\Windows\System32\DRIVERS\u2kg54l.sys [863288 2007-04-02] (Atheros Communications, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-14] (Chicony Electronics Co., Ltd.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\kir\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 18:40 - 2015-05-06 18:40 - 00000000 ____D () C:\Users\kir\Desktop\FRST-OlderVersion
2015-05-06 05:20 - 2015-05-06 05:20 - 00001050 _____ () C:\Users\kir\Desktop\mal.txt
2015-05-05 21:31 - 2015-05-05 21:31 - 00000000 ____D () C:\Program Files\ESET
2015-05-05 21:30 - 2015-05-05 21:30 - 02347384 _____ (ESET) C:\Users\kir\Desktop\esetsmartinstaller_enu.exe
2015-05-04 20:45 - 2015-05-04 19:39 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-04 19:46 - 2015-05-04 20:55 - 00015572 _____ () C:\zoek-results.log
2015-05-04 19:39 - 2015-05-04 20:31 - 00000000 ____D () C:\zoek_backup
2015-05-04 19:29 - 2015-05-04 19:35 - 01305600 _____ () C:\Users\kir\Desktop\zoek.exe
2015-05-01 01:14 - 2015-05-06 14:53 - 00246232 ____N () C:\Windows\WindowsUpdate.log
2015-04-22 14:41 - 2015-04-22 14:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-22 00:44 - 2015-04-22 01:16 - 00000796 _____ () C:\Users\kir\Desktop\JRT.txt
2015-04-22 00:38 - 2015-04-22 00:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
2015-04-22 00:37 - 2015-04-22 00:37 - 00000000 ____D () C:\RegBackup
2015-04-22 00:34 - 2015-04-22 00:34 - 02217984 _____ () C:\Users\kir\Desktop\adwcleaner_4.201.exe
2015-04-22 00:32 - 2015-04-22 00:33 - 02685507 _____ (Thisisu) C:\Users\kir\Desktop\JRT.exe
2015-04-20 16:27 - 2015-04-20 16:29 - 00002353 _____ () C:\Users\kir\Desktop\FSS.txt
2015-04-20 16:26 - 2015-04-20 16:26 - 00415232 _____ (Farbar) C:\Users\kir\Desktop\FSS.exe
2015-04-17 19:25 - 2015-04-17 19:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-17 19:22 - 2015-04-17 19:49 - 00000000 ____D () C:\Users\kir\Desktop\mbar
2015-04-17 19:20 - 2015-04-17 19:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kir\Desktop\mbar-1.09.1.1004.exe
2015-04-17 01:26 - 2015-04-21 00:20 - 00056894 _____ () C:\Users\kir\Desktop\Addition.txt
2015-04-17 01:24 - 2015-05-06 18:41 - 00025678 _____ () C:\Users\kir\Desktop\FRST.txt
2015-04-17 01:22 - 2015-05-06 18:40 - 01141248 _____ (Farbar) C:\Users\kir\Desktop\FRST.exe
2015-04-14 13:14 - 2015-04-14 13:14 - 00208856 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2015-04-07 19:21 - 2015-04-07 19:21 - 00495294 _____ () C:\Users\kir\Desktop\what_a_girl_wants_kelk_lindsey.epub

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 18:40 - 2014-06-02 03:01 - 00000000 ____D () C:\FRST
2015-05-06 18:36 - 2011-04-26 13:13 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-06 18:36 - 2007-03-20 00:01 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2015-05-06 16:49 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-06 16:49 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-06 16:10 - 2014-12-28 19:12 - 00000000 ____D () C:\Users\kir\Desktop\New Folder (2)
2015-05-06 14:50 - 2014-05-16 13:42 - 00017408 _____ () C:\Windows\system32\rpcnetp.dll
2015-05-06 14:50 - 2007-03-20 00:07 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-05-06 14:49 - 2011-04-26 13:13 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-06 14:49 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-06 06:22 - 2007-06-29 18:52 - 00007460 _____ () C:\Windows\bthservsdp.dat
2015-05-06 06:22 - 2006-11-02 14:01 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-05 21:25 - 2014-04-16 16:36 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-04 20:55 - 2009-04-25 20:35 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-04 20:31 - 2007-09-05 17:27 - 00000000 ____D () C:\Users\kir
2015-05-04 20:31 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-01 01:04 - 2008-06-12 15:40 - 00000000 ____D () C:\Windows\Minidump
2015-04-30 17:50 - 2015-01-08 18:55 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-27 14:32 - 2013-09-18 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-04-26 01:32 - 2014-06-04 02:15 - 00078032 ____N (Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
2015-04-25 06:12 - 2007-09-22 16:16 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-22 15:35 - 2012-04-26 01:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-22 14:08 - 2008-07-27 19:51 - 00000000 ____D () C:\Program Files\McAfee
2015-04-22 01:01 - 2014-06-02 03:09 - 00000000 ____D () C:\AdwCleaner
2015-04-17 19:22 - 2014-04-14 19:04 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-17 14:10 - 2014-09-12 16:15 - 00000000 ____D () C:\Users\kir\Desktop\New Folder
2015-04-15 18:13 - 2012-04-11 09:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 18:13 - 2011-06-21 17:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 22:18 - 2011-11-28 21:41 - 00000000 ____D () C:\Users\kir\Documents\Lib Stuff
2015-04-08 14:48 - 2015-02-09 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-08 14:47 - 2012-10-17 00:44 - 00000000 ____D () C:\Program Files\Avira

==================== Files in the root of some directories =======

2007-09-05 17:47 - 2009-09-09 18:03 - 0000412 _____ () C:\Users\kir\AppData\Roaming\wklnhst.dat
2009-01-10 19:46 - 2013-07-29 18:28 - 0006648 _____ () C:\Users\kir\AppData\Local\d3d9caps.dat
2007-09-05 17:43 - 2013-02-01 17:08 - 0079872 _____ () C:\Users\kir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-10-07 20:39 - 2009-05-05 21:48 - 0000600 _____ () C:\Users\kir\AppData\Local\PUTTY.RND
2012-02-03 07:07 - 2012-02-03 07:07 - 0003774 _____ () C:\ProgramData\114la.ico
2007-12-02 18:51 - 2013-05-22 20:51 - 0002137 _____ () C:\ProgramData\hpzinstall.log
2011-08-30 19:18 - 2011-08-30 19:18 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-08-30 19:17 - 2011-08-30 19:17 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-08-30 19:18 - 2011-08-30 19:18 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\kir\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-06 14:58

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-05-2015 01
Ran by kir at 2015-05-06 18:42:17
Running from C:\Users\kir\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3409986712-3818737891-1182124187-500 - Administrator - Disabled)
Guest (S-1-5-21-3409986712-3818737891-1182124187-501 - Limited - Disabled)
kir (S-1-5-21-3409986712-3818737891-1182124187-1000 - Administrator - Enabled) => C:\Users\kir

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe InDesign CS4 (HKLM\...\Adobe_1710d324011afc3e7658e969025f4ba) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIO_Scan (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
C4380_Help (Version: 90.0.189.000 - Hewlett-Packard) Hidden
C5200 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
C5200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Camera Assistant Software for Gateway (HKLM\...\{39098402-3F7A-4257-A4AE-FC1181D1B40B}) (Version: 1.7.022.0430 - Chicony Electronics Co.,Ltd.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG4200 series User Registration (HKLM\...\Canon MG4200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2447-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Chinese Traditional Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2448-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version:  - )
Creative System Information (HKLM\...\SysInfo) (Version:  - )
Crystal Ball (HKLM\...\{2967D5BC-740B-4422-B019-5560DA932F15}) (Version: 11.1.63.0 - Crystal Ball)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
Dia (remove only) (HKLM\...\Dia) (Version:  - )
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
EA SPORTS Gameface Browser Plugin 1.3.1.0 (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\EA SPORTS Gameface Browser Plugin) (Version: 1.3.1.0 - Electronic Arts)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Far Cry (Patch 1.4) (Version: 1.00.0000 - Ubisoft) Hidden
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GanttProject (HKLM\...\GanttProject) (Version:  - )
GanttProject 2.0.9 (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\GanttProject 2.0.9) (Version:  - GanttProject Team)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.027 - Gateway)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
K-Lite Mega Codec Pack 10.0.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Kotor Tool (HKLM\...\Kotor Tool) (Version:  - )
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maple 11 (HKLM\...\Maple 11) (Version: 11.0.0.0 - Maplesoft)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Media Go (HKLM\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.106.06300 (HKLM\...\{073B10F3-AD7B-4083-FDE4-EF552EA7362D}) (Version: 2.12.106.06300 - Sony)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0080 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Moto Contacts Tool (HKLM\...\{018C7ADA-ED29-413F-BE57-2200A0FEFC06}) (Version: 1.00.0007 - Motorola)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 37.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-GB)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Server 4.1 (HKLM\...\{FF2705ED-8734-417D-A854-4EA3F679CCC5}) (Version: 4.1.22 - MySQL AB)
Network Play System (Patching) (HKLM\...\Network Play System (Patching)) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.4.49.0 - Nokia)
Nokia Suite (Version: 3.4.49.0 - Nokia) Hidden
Nuance PDF Professional 5 (HKLM\...\{20ECF3EE-4F7B-40ED-98E7-8CA63FC69F14}) (Version: 5.00.3233 - Nuance Communications, Inc)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PanoStandAlone (Version: 100.0.170.000 - Hewlett-Packard) Hidden
PC Connectivity Solution (HKLM\...\{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}) (Version: 12.0.17.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PlayStation®Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.03.00126 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 3.2.11.09227 - Sony Computer Entertainment Inc.)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PS_AIO_02_ProductContext (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1404.88 - Trusteer) Hidden
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (Version:  - ) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.206 - McAfee, Inc.)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sony Ericsson Device Data (Version: 1.0.32 - Sony Ericsson) Hidden
Sony Ericsson Drivers (Version: 1.0.28 - Sony Ericsson) Hidden
Sony Ericsson PC Suite (HKLM\...\{D6BF6477-8369-489F-8DE6-3731F4B88560}) (Version: 2.10.46 - )
Sony Ericsson PC Suite (Version: 2.10.37 - Sony Ericsson) Hidden
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: 4.5.3.0 - Husdawg, LLC)
The Sims Livin' it up (HKLM\...\{49D4FCCF-45D6-11D4-8F73-0050DA0F6297}) (Version:  - )
The Sims Makin' Magic (HKLM\...\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}) (Version:  - )
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.88 - Trusteer)
Unity Web Player (HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Service (HKLM\...\Update Service) (Version: 2.10.7.15 - Sony Ericsson Mobile Communications AB)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 -  )
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZEN Vision:M Series Media Explorer (HKLM\...\ZEN Vision:M Series Media Explorer) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\kir\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{5C4094D7-4213-4C40-9E33-16A2D2D69EF2}\InprocServer32 -> C:\Program Files\Sony\PlayStation Store\StoreDrmUtility.dll (Sony Computer Entertainment Inc.)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{CBD32ACD-3033-5DC4-AF3E-A32955785032}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\kir\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> No File Path

==================== Restore Points  =========================

27-04-2015 14:31:10 Installed Rapport
29-04-2015 01:40:31 Windows Update
29-04-2015 20:23:56 Scheduled Checkpoint
02-05-2015 01:18:10 Windows Update
02-05-2015 14:39:26 Scheduled Checkpoint
03-05-2015 15:10:28 Scheduled Checkpoint
04-05-2015 15:09:52 Scheduled Checkpoint
04-05-2015 19:46:44 zoek.exe restore point
06-05-2015 01:53:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2007-09-08 12:48 - 00178248 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A25C042-256B-4559-B0B7-8A3FBBB1E076} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - kir => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {16C4E370-E6EC-4CC8-AC56-73EFFF6235FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {228C0041-F747-4ED3-A345-D120C2BE7882} - System32\Tasks\Microsoft\Windows\RestartManager\{40FF92F9-5952-4115-A106-7A530C9EFA9F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {2D2A5167-F886-4751-B474-4F64CC32D776} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3409986712-3818737891-1182124187-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2EBCA8EB-E63C-4B9C-BC70-138141499F35} - System32\Tasks\{A59FEC0E-20A6-4A52-8F43-B664F8BF1A8A} => pcalua.exe -a C:\Users\kir\Desktop\ComboFix.exe -d C:\Users\kir\Desktop
Task: {47E7A8FF-F674-455E-A73F-3DA36CA74F2C} - System32\Tasks\Microsoft\Windows\RestartManager\{3F1DB646-2AC6-413b-AE84-09ECA4FBD948} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {665B26E7-3C0B-4268-959A-199585431F1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6B58BB98-6868-4309-B118-A08A4EAE2530} - System32\Tasks\Microsoft\Windows\RestartManager\{85BB0742-CBCC-49fa-B0C2-91CF9FCF11C3} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {88131826-F0A2-4A4B-AA56-840049560A8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {B2F76297-BFEE-4D90-BA12-7BFE273416AD} - System32\Tasks\Microsoft\Windows\RestartManager\{B18D328B-2298-4de5-B450-16A2E8E8B2EE} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {D0B7941C-30BD-4141-BD10-CEFFE4294D82} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {E5706851-D6A5-42ED-A217-60A0E1EA333D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3409986712-3818737891-1182124187-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-09-19 17:04 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2008-02-27 02:09 - 2008-02-27 02:09 - 02560000 _____ () C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-07-27 19:51 - 2009-02-13 13:44 - 00117264 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll
2008-07-27 19:51 - 2009-02-13 13:44 - 00071696 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
2008-07-27 19:51 - 2009-02-13 13:44 - 00207376 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:981884E7

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


There are 4092 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kir\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^kir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk => C:\Windows\pss\ViiKiiDesktopPlugin.lnk.Startup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CTSyncU.exe => "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{B17EDA88-6A45-4159-8AF7-F1DC2E27DD13}] => (Allow) C:\Program Files\Kontiki\KService.exe
FirewallRules: [{8B966E14-C53E-485D-8691-3210EEBDC779}] => (Allow) C:\Program Files\Kontiki\KService.exe
FirewallRules: [{5AB3A7DC-9CA3-4853-B589-8E0E1DC01593}] => (Allow) C:\Program Files\Kontiki\KService.exe
FirewallRules: [{6EF503C1-A328-463D-83F1-47626B2BD98C}] => (Allow) C:\Program Files\Kontiki\KService.exe
FirewallRules: [{8FAC40D3-0372-461C-8B25-019397EDA1F6}] => (Allow) D:\setup\HPZnui01.exe
FirewallRules: [{65FC78E1-4F1A-4379-AF2A-7DE222F48F67}] => (Allow) D:\setup\HPZnui01.exe
FirewallRules: [{73B824AF-9950-4ABD-9797-623CC738594A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C8B75E10-92FF-4BD7-BEC7-AF56E6D8374F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{34C8F45F-DA89-4816-87ED-2DDEB233CF27}] => (Allow) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
FirewallRules: [{523590B5-CA26-4C0D-BB78-981A332FB686}] => (Allow) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
FirewallRules: [{ECD31D04-828A-4E57-BD3E-72B6718B2CA3}] => (Allow) svchost.exe
FirewallRules: [{EF9F3B6B-CC1F-4CFF-AC0D-EA82CDF46817}] => (Allow) LPort=5353
FirewallRules: [{291566A9-0D17-4DE4-92D9-863DB0DDBC99}] => (Allow) C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{B9C4FE3D-9B44-4D85-BCC4-D221B939D2B0}] => (Allow) C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [TCP Query User{E35849BF-3D91-44D1-9551-EB29E67B477D}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{028D4F89-40E4-4A6C-8EDE-33C0F160560D}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{8C343F67-6ABB-47D9-AE8F-5ED5226FE7A2}] => (Allow) C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
FirewallRules: [{762ED2DB-2197-41B6-940D-BFDC5DF2014E}] => (Allow) C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
FirewallRules: [{9F0B0A8F-2B0E-4BFB-BB4C-8E5F86C0E4DE}] => (Allow) LPort=80
FirewallRules: [{7F169EA9-A62A-42F3-882C-4C0B34867689}] => (Allow) LPort=80
FirewallRules: [{DEB3499F-82B4-455D-8302-E2A2C1396DDC}] => (Allow) LPort=80
FirewallRules: [{A162042A-D9E9-44DF-A424-C815F307EAEF}] => (Allow) C:\Windows\System32\sktvSvr.exe
FirewallRules: [{185DD51C-72C5-4290-A5C7-24262768D0F1}] => (Allow) C:\Windows\System32\sktvSvr.exe
FirewallRules: [{83DB817A-CC19-4F32-8C13-929EE1370BDA}] => (Allow) C:\Windows\system32\P3MelonSvr.exe
FirewallRules: [{55C0DEF6-432F-49D1-B95F-350A0DF03354}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{1A5C0934-9F88-48C2-8ECE-DDAA65E712C7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{05AD8F20-D52E-4E56-8BB7-EC9AD82F0A3D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{5769DEF3-DB4E-42B6-AE82-AD4DC81F1A37}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{128C7A96-5EF1-4E57-8686-4E0E49E6D346}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{9398130D-3B82-4D09-95D6-A810E22B3E61}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{5356DC2B-D002-48E9-8EA6-74DF2EA0F937}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{61652D90-E73A-4E24-BF4C-4BCF3BA3BC8E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{38F3F3A0-C419-4E9E-9F25-3690EFDE99EB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3E9070F6-89D1-4A26-97B0-3F1102DBCD36}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{528AE7C3-167E-48FB-BA13-3A60F8C2E069}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{591F2678-566C-4430-80BF-B99C0466E0DD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7DD232AE-1375-411A-A9BD-BE3828E0CF2F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BFEC20F8-DE27-45FA-B9D4-286BDE6AC4F7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{7DA65D6A-6317-4232-8553-4940132A296A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{542565BE-5F01-47B7-95F8-E85D1EC2F467}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6266F9EF-34E3-4B6F-B5CC-5C8DE7C65276}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A15660E6-7BAD-4E1F-8352-04D6C166CCE5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [TCP Query User{572F3047-EA31-4FD2-B3A2-34980D8B63D1}C:\users\kir\appdata\roaming\naver\nlivecast\nlivecast.exe] => (Block) C:\users\kir\appdata\roaming\naver\nlivecast\nlivecast.exe
FirewallRules: [UDP Query User{0F79C7AE-C788-44D5-9409-C8343EE45995}C:\users\kir\appdata\roaming\naver\nlivecast\nlivecast.exe] => (Block) C:\users\kir\appdata\roaming\naver\nlivecast\nlivecast.exe
FirewallRules: [{0DC76EC6-3CC4-47C0-8156-4EB10D73BE48}] => (Allow) C:\Program Files\ExpressFiles\expressdl.exe
FirewallRules: [{E267C089-9861-4B94-B0DB-FCC2D564E297}] => (Allow) C:\Program Files\ExpressFiles\expressdl.exe
FirewallRules: [{824CEBD6-FE62-49C0-BA7E-429C714569AA}] => (Allow) C:\Program Files\ExpressFiles\ExpressFiles.exe
FirewallRules: [{A7B70A3D-7F65-4880-B434-CDB2F37F378E}] => (Allow) C:\Program Files\ExpressFiles\ExpressFiles.exe
FirewallRules: [{64638FB9-A880-432E-BC77-9E8A256C2B7B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{662364C6-57AE-4C3E-A37E-4E390EFE96CE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B87F1ADB-9F40-44A0-9754-669C092DE5AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EF9EF1FB-0A1F-4FF6-9FDB-3AD4E039D907}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B523F6BA-9AEA-4BA9-A3BF-4B621CD3E35B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{96D779E9-0700-41D4-B475-417F6ECBEC17}C:\program files\java\jdk1.8.0\bin\java.exe] => (Block) C:\program files\java\jdk1.8.0\bin\java.exe
FirewallRules: [UDP Query User{0F6EC6B0-CE6B-4ADE-BF30-F6171DEDA67B}C:\program files\java\jdk1.8.0\bin\java.exe] => (Block) C:\program files\java\jdk1.8.0\bin\java.exe
FirewallRules: [TCP Query User{2915078E-18E6-43DA-B915-601D3402C42F}C:\program files\android\android studio\bin\studio.exe] => (Block) C:\program files\android\android studio\bin\studio.exe
FirewallRules: [UDP Query User{1F785B6E-1192-4DD4-90B1-CBDADE2F9B57}C:\program files\android\android studio\bin\studio.exe] => (Block) C:\program files\android\android studio\bin\studio.exe
FirewallRules: [TCP Query User{90C4A90D-ACAE-4DFA-BF9B-99AAF5B7386A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F38FD74D-0B4C-4F46-AA9E-83BCC612DD4D}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{2D66272F-FA17-4073-B992-BFAC231DE67B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2015 06:36:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3120301

Error: (05/06/2015 06:36:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3120301

Error: (05/06/2015 06:36:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/06/2015 04:06:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

Error: (05/06/2015 04:06:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631

Error: (05/06/2015 04:06:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/06/2015 02:56:35 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\kir\APPDATA\LOCAL\TRUSTEER\RAPPORT\USER\STORE\USER\RAPPORT_VAR_1.CFG.DATA> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/06/2015 02:56:35 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\kir\APPDATA\LOCAL\TRUSTEER\RAPPORT\USER\STORE\USER\RAPPORT_VAR_1.CFG.DATA> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (03/20/2007 00:01:43 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/06/2015 01:53:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ab5876d9-8191-493b-a2df-000f8d9f5eb2}


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/09/2011 02:15:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 146 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/20/2010 08:51:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7629 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (12/03/2009 01:52:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30596 seconds with 5160 seconds of active time.  This session ended with a crash.

Error: (11/25/2009 03:39:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16893 seconds with 10440 seconds of active time.  This session ended with a crash.

Error: (12/02/2008 09:11:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/30/2008 03:58:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/30/2008 03:16:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/29/2008 07:12:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/29/2008 06:57:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 85 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/29/2008 06:46:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 51 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-05-06 18:42:01.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-06 18:42:01.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-06 18:42:01.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-06 18:42:00.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-06 18:42:00.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-06 18:41:59.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-06 18:41:59.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-06 18:41:59.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-06 18:41:22.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-06 18:41:22.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 56%
Total physical RAM: 2037.69 MB
Available physical RAM: 894.14 MB
Total Pagefile: 4318.6 MB
Available Pagefile: 2680.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.2 GB) (Free:29.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:9.85 GB) (Free:3.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 7BD1F01D)
Partition 1: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=139.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#24
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
The logfiles look fine. In case of a BSOD I'm gonna ask a technician to make some additional diagnostics; I do not see anything more from the malware end that could cause problems.


There are two fixes to be done now. Both need to be done separately and in the order mentioned.



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [AdobeBridge] => [X]
    FF SearchEngineOrder.1: Secure Search
    FF SelectedSearchEngine: Secure Search
    S3 catchme; \??\C:\Users\kir\AppData\Local\Temp\catchme.sys [X]
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{067B4B81-B1EC-489F-B111-940EBDC44EBE}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{0E890F83-5F79-11D1-9043-00C04FD9189D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{1DCB3A00-33ED-11D3-8470-00C04F79DBC0}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{25BAAD81-3560-11D3-8471-00C04F79DBC0}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3409986712-3818737891-1182124187-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
    Hosts:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.





Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    DeleteQuarantine:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

#25
utcol2

  • Topic Starter
  • Member
  • 47 posts

OK thanks as always for the help. :)

I had to run the first fix twice, because the first time my antivirus prevented access to the hosts file. The second time I ran the first fix, I disabled the antivirus.

Here are the logs:



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-05-2015 01
Ran by kir at 2015-05-08 19:39:47 Run:2
Running from C:\Users\kir\Desktop
Loaded Profiles: kir (Available profiles: kir)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [AdobeBridge] => [X]
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
S3 catchme; \??\C:\Users\kir\AppData\Local\Temp\catchme.sys [X]
Hosts:
end
*****************

HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
catchme => Service deleted successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

==== End of Fixlog 19:39:49 ====





Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-05-2015 01
Ran by kir at 2015-05-08 20:21:34 Run:3
Running from C:\Users\kir\Desktop
Loaded Profiles: kir (Available profiles: kir)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\...\Run: [AdobeBridge] => [X]
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
S3 catchme; \??\C:\Users\kir\AppData\Local\Temp\catchme.sys [X]
Hosts:
end
*****************

HKU\S-1-5-21-3409986712-3818737891-1182124187-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value not found.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
catchme => Service not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog 20:25:13 ====



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-05-2015 01
Ran by kir at 2015-05-08 20:27:03 Run:4
Running from C:\Users\kir\Desktop
Loaded Profiles: kir (Available profiles: kir)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
DeleteQuarantine:
end
*****************

"C:\FRST\Quarantine" => Removed successfully.

==== End of Fixlog 20:27:03 ====


 



#26
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
OK. I guess that we are almost done here. After I clean you up, I will ask a tech to look here and continue with the assistance.



Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.
  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
Include it for my review.
Please also manually reboot your machine after posting your logfile.

#27
utcol2

utcol2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

OK thanks for all the help. :) Here is the log:

# DelFix v1.010 - Logfile created 10/05/2015 at 01:47:22
# Updated 26/04/2015 by Xplode
# Username : kir - PC
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\kir\Desktop\mbar
Deleted : C:\zoek-results.log
Deleted : C:\Users\kir\Desktop\Addition.txt
Deleted : C:\Users\kir\Desktop\adwcleaner_4.201.exe
Deleted : C:\Users\kir\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\kir\Desktop\Fixlog.txt
Deleted : C:\Users\kir\Desktop\Fixlog1.txt
Deleted : C:\Users\kir\Desktop\Fixlog2.txt
Deleted : C:\Users\kir\Desktop\FRST.exe
Deleted : C:\Users\kir\Desktop\FRST.txt
Deleted : C:\Users\kir\Desktop\FSS.exe
Deleted : C:\Users\kir\Desktop\FSS.txt
Deleted : C:\Users\kir\Desktop\JRT.exe
Deleted : C:\Users\kir\Desktop\JRT.txt
Deleted : C:\Users\kir\Desktop\zoek.exe
Deleted : C:\Windows\system32\SWReg.exe
Deleted : C:\Windows\system32\SWSC.exe
Deleted : C:\Windows\system32\SWXCacls.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware

~ Cleaning system restore ...

Deleted : RP #1964 [Windows Update | 04/29/2015 00:40:31]
Deleted : RP #1965 [Scheduled Checkpoint | 04/29/2015 19:23:56]
Deleted : RP #1966 [Windows Update | 05/02/2015 00:18:10]
Deleted : RP #1967 [Scheduled Checkpoint | 05/02/2015 13:39:26]
Deleted : RP #1968 [Scheduled Checkpoint | 05/03/2015 14:10:28]
Deleted : RP #1969 [Scheduled Checkpoint | 05/04/2015 14:09:52]
Deleted : RP #1970 [zoek.exe restore point | 05/04/2015 18:46:44]
Deleted : RP #1971 [Windows Update | 05/06/2015 00:53:18]
Deleted : RP #1972 [Windows Update | 05/09/2015 00:53:31]
Deleted : RP #1974 [Installed Rapport | 05/09/2015 14:28:10]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

#28
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.


Recommended reading:


  • MUST READ - security tips: Computer Security - a short guide to staying safer online.
  • MUST READ - general maintenance: What to do if your Computer is running slowly?


Recommended additional software:


  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from the very severe CryptoLocker infection.
  • Unchecky - to prevent installing additional foistware, implemented in legitimate installations.




Now I will ask a tech colleague to take a look here and continue assisting you.


Stay safe,
Naat :)

#29
utcol2

utcol2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Thanks so much for your help. :) Really appreciate it. I'll keep a look out for your colleague. Thanks again!

#30
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

I had a talk with Phill - he will be glad to continue assisting you. Please start a new thread in the Windows Vista™ and Windows 7™ forum, also providing the link to this topic so they are aware of what exactly has been done and that they have my approval on the malware side.


Best of luck! :)